As healthcare organizations ramp up HIPAA compliance efforts, they should make far greater use of guidance from the National Institute of Standards and Technology, says security consultant Mac McMillan.
Iris scanning is becoming old hat for authenticating individuals entering secured facilities or crossing international borders, but it remains several years away for use in providing access to IT systems.
If your organization's leadership has been lukewarm to funding information security efforts, it's time to turn up the heat before you end up in hot water with federal regulators enforcing the HIPAA Omnibus Rule.
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
Creating circles of trust - networks of IT security professionals who rely on one another - is a key element in forthcoming National Institute of Standards and Technology guidance on incident response.
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
Keeping risk assessment documentation and other compliance evidence in a centralized repository is a good way to prepare for any HIPAA audit or investigation, says Mark Dill, Cleveland Clinic's security leader.
When it comes to the impending Sept. 23 HIPAA Omnibus enforcement deadline, many smaller organizations are making serious progress - or seriously procrastinating, says compliance expert Margie Satinsky.
The panel would review the latest intelligence and communications technologies to determine the risk of unauthorized disclosure to national security and foreign policy, as well as assess the need to maintain the public trust.
The Obama administration is floating the idea that critical infrastructure owners would more likely adopt voluntary security best practices if the government engages the insurance industry to help develop its cybersecurity framework.