In today's world, where certain data must be let in so governments and businesses can realize their missions, firewalls must be able to see the content flowing through networks, NIST Computer Scientists Tim Grance and Murugiah Souppaya say.
"Today's risk management professionals really need to take a strategic view of managing risk to be relevant in achieving the organization's expected outcome," says Philip Alexander of Wells Fargo Bank.
Sheryl Rose, the first chief information security officer at Catholic Health Initiatives, is leading efforts to implement a comprehensive security strategy as the organization rolls out electronic health records.
As criteria are developed for the next stages of the HITECH Act electronic health record incentive program, it's essential that privacy and security issues are adequately addressed, one consumer advocacy group stresses.
Describing it as the capstone publication of a partnership with the defense and intelligence communities, NIST publishes new guidance on managing security risk associated with the operation and use of IT systems.
NIST updates its national checklist program for IT products, tech specs for SCAP and guide to using vulnerability naming schemes as well as providing a status report on its cryptographic hash algorithm competition.
A team headed by Senior Computer Scientist Ron Ross will update one of NIST's premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations.
As federal authorities continue efforts to develop privacy and security guidelines for health information exchanges, a new survey shows that healthcare providers and others consider privacy and security as the issues with the most potential to derail HIEs.