The controls create a baseline to properly address the unique elements of authorizing cloud products and services, including multi-tenancy, control of an infrastructure and shared resource pooling, Homeland Security CIO Richard Spires says.
As organizations move to the continuous monitoring of their IT systems to assure they're secure, they rely much more on automated processes. But don't forget the role people play.
When the Commonwealth of Pennsylvania suffered a major security breach a few years back, vulnerabilities in a Web application were to blame. CISO Erik Avakian explains how the state developed a process to correct flaws in application code.
Researchers from Kaspersky Lab say at least two other pieces of malware may have been developed on the same computing platform, perhaps by the same individuals.
The beginning of a new year is the perfect time to redouble your organization's breach prevention efforts. After all, no one wants to see their organization's name on the federal breach list.
These new sites now make Information Security Media Group the largest global network of information security-focused media sites, reaching the most diverse audience of decision-makers in each of ISMG's key markets.
Fraud threats have changed little in the past decade. But their global scale has, and James Ratley, president of the ACFE, details how fraud examiners must change their approach to fighting these crimes in 2012.
Revised guidance from the National Institute of Standards and Technology, SP 800-63-1, could help organizations protect themselves from a growing threat to their information assets: the insider.
Smaller hospitals and clinics soon will get some extra guidance from federal regulators about preparing risk assessments. But a federal advisory group has urged the Department of Health and Human Services to offer far more guidance on a variety of information security issues.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
Vulnerabilities in applications developed for the Commonwealth of Pennsylvania contributed to a major security breach a few years back, one that state CISO Erik Avakian does not want repeated.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
