New NIST guidance is aimed at helping organizations to better understand the risks associated with the information and communications technology supply chain, says Jon Boyens, a NIST senior adviser.
Target is the high-profile example, but many organizations have been breached through third-party vulnerabilities. Where are the security gaps, and how can they be filled? BitSight's Stephen Boyer offers insight.
President Obama twice threatened to veto info sharing bills sponsored by Rep. Mike McCaul. So when the Texas Republican backs the Democratic president's plan for a cyberthreat intelligence center, you've got to think it's a great idea. Maybe, maybe not.
The latest entrant into the password "hall of shame" is Sony Pictures Entertainment. As the ongoing dumps of Sony data by Guardians of Peace highlight, Sony apparently stored unencrypted passwords with inadequate access controls.
Retailers cannot avoid innovation. Yet, cybercriminals thrive when retailers innovate. What, then, can retailers do to stop cybercriminals from breaching their defenses? Here are three key questions to answer.
A dispute involving an EHR vendor that allegedly locked out a small clinic's access to patient data illustrates why healthcare organizations need to carefully scrutinize the HIPAA-related fine print in their business associate contracts.
Healthcare organizations are still struggling to make sense of all the emerging cyberthreats they face and figure out how best to share the latest intelligence and stretch limited security resources. But some are making bold moves.
With lessons learned from the misfired launch of HealthCare.gov, the Obama administration is offering expert help - including security and privacy tips - to other federal agencies for their IT rollouts.
Federal authorities say the successful prosecution of a member of an international cybercrime ring proves progress is being made in shuttering ATM cash-out schemes. But some experts say processors and prepaid cards will continue to be targeted by attackers.
Characterizing the state of employment among American information security practitioners, executive recruiter Joyce Brocaglia says, "We are experiencing negative unemployment in the field of information security."
To help prevent data breaches involving business associates, healthcare organizations need to develop vendor management programs with razor-sharp requirements, says risk management expert Rocco Grillo.
Scores of banking/security leaders gathered at the SF Fraud Summit to learn from the nation's leading experts on topics such as account takeover, big data analytics, insider risks and payment card fraud.
Starting now, healthcare organizations using Microsoft Windows XP-based medical devices better have short- and long-term strategies to address cybersecurity, says medical device security researcher Kevin Fu.
Manufacturers of a wide variety of devices that link to the Internet can improve security by turning to processes IT has used for nearly a generation, says Tony Sager of the Council on Cybersecurity.
Mobility has driven the rise of containerization as a security strategy for employee-owned devices. But what about for contractors? Kimber Spradlin of Moka 5 discusses how to mitigate third-party risks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.