Two final rules for the HITECH Act electronic health record incentive program strongly emphasize the value of risk assessments and encryption as measures for safeguarding patient information. Here's an analysis of the details.
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
Benchmarking security performance against peers and industry averages is one way
organizations can get a true picture of just how secure they are.
To understand optimism bias of cybersecurity performance, we commissioned a survey with
Dimensional Research that asked IT professionals about their organization's...
If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
Put your personal feelings aside; what's dangerous about the AshleyMadison.com breach is that ideologists will now go beyond taking down an IT system and actually destroy a business. This evolution, says cybersecurity expert Carl Herberger, requires a new way to assess and mitigate risk.
As federal lawmakers return this week from their Independence Day recess, Congress picks up where it left off before the break: holding hearings on the Office of Personnel Management breach that exposed the personal records of millions of government workers.
The FFIEC has released its much-anticipated Cybersecurity Assessment Tool. Hear why banking regulator Tim Segerson believes the tool is expected to be rolled into regulatory examinations by summer of 2016.
Wipro has developed a fraud detection model for improved risk management using big data analytics. Can CISOs leverage it to reduce risk, enhance process efficiency and refine fraud detection algorithms?
EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.
In assessing risk, computer security has three characteristics: confidentiality, integrity and availability. But not all of those traits help systems designers assess privacy risks. So NIST is developing a privacy risk management framework.
Some healthcare associations are seeking more clarity from federal regulators about security and privacy requirements proposed for Stage 3 of the HITECH Act "meaningful use" incentive program for electronic health records. Find out their concerns.
With federal regulators moving closer to restarting the delayed HIPAA compliance audit program, now is the time for covered entities and business associates to prepare for potential scrutiny, says healthcare attorney Brad Rostolsky.
The United States Coast Guard faces challenges in protecting the private information found in medical records of its personnel and their families, a Department of Homeland Security inspector general report says.
Emerging cybersecurity risks are now banking institutions' top concern, says the ABA's Heather Wyson-Constantine. What are institutions' contractual protections in the wake of a third-party data breach?