"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
Thwarting the insider threat entails more than knowing an individual with access to a computer, but to recognize the synergy between the individual, organization, technology and environment, I3P Research Director Shari Lawrence Pfleeger says.
Devising strategies for ensuring social media are not used in ways that violate patient privacy is one of the top trends for 2011, says Lisa Gallagher, senior director of privacy and security at the Healthcare Information and Management Systems Society.
Community hospitals must become more vigilant about information security, especially as they apply for federal electronic health records incentive payments, says Chuck Christian, CIO at Good Samaritan Hospital in Vincennes, Ind.
To help agencies secure their wireless networks and technologies, the Government Accountability Office came up with eight leading practices. For now, GAO says, wireless networks remain at an increased vulnerability to attack.