NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
Significant security flaws involving access, configuration-management and continuous-monitoring controls have been identified in a new Inspector General audit of Veterans Affairs' IT systems.
National Security Agency Director Keith Alexander declined to say that the agency would stop using contractors in top secret IT positions to prevent a leak such as the one that exposed NSA programs to collect metadata on American citizens.
A House panel establishes a bipartisan supply chain working group to explore the federal government's role in helping industry assure that IT and telecommunications wares they buy abroad are safe from exploits.
From a risk-management perspective, Bloomberg didn't consider its reputation when it allowed its reporters to track the log activity of Bloomberg Terminal customers.
A key difference between state-sponsored espionage and organized criminals or hacktivists is the level of persistence and determination to break through defenses. Here's advice from security experts on defending against nation-state attacks.
Does legislation designed to get businesses and governments to share cyberthreat information provide adequate civil liberties protections? Find out what's at the heart of the debate.
How can healthcare providers help to ensure better medical device security? They need to put more pressure on device vendors at the time of procurement, says security researcher Kevin Fu.
What are the responsibilities of business associates under the HIPAA Omnibus Rule? And how should covered entities work with BAs on compliance? Security expert Mac McMillan explains.
Outsourcing to the cloud poses new risks, especially for card data. The PCI Council addresses those risks in its just-released cloud security guidance, and Bob Russo offers exclusive insights.
As a growing number of enterprises turn to cloud computing, the government could reclassify the cloud as a critical infrastructure, putting it on par with electrical grids, public-health networks and banking systems. Will regulations follow?
CISOs' top three priorities for 2013 are emerging threats, technology trends and filling security gaps, says RSA CISO Eddie Schwartz. But what new strategies should leaders employ to tackle these challenges?
A growing concern for enterprises is ensuring the integrity of the computer products they buy. What steps need to be taken to vet a product's reliability? Gartner Fellow Neil MacDonald explains.
Acquiring IT security products gets more complicated every day, so SINET's John Muir says it's not unreasonable to expect that even the most informed CISO needs help in identifying the right hardware, software and services to obtain.
As a result of the recent Apple-Samsung verdict, CISOs at organizations need to be mindful of where their software is being sourced from, says patent attorney Jim Denaro.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.