The federal government is licensing a government-built anomaly detection tool known as PathScan to Ernst & Young, which, in turn, will refine the software and market it. In an interview, DHS's Mike Pozmantier explains why the government is offering its technology to the private sector.
In preparing business associate agreements, healthcare organizations should demand a right-to-audit clause and copies of vendors' current security policies as proof that the companies are taking appropriate measures to protect patient data, says security expert Rebecca Herold.
Blue Coat CTO Dr. Hugh Thompson speaks about the future of security, the constants that need attention, and lessons to be learned from the U.S. when it comes to writing meaningful breach notification laws.
An inspector general's memo that highlights three significant information security deficiencies that have plagued the U.S. Department of Labor for the past five years points out problems that most federal agencies confront.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.
Tools to build and manage the ZeusVM banking Trojan have been leaked online, meaning that both die-hard and would-be criminals alike can now try their hand at running botnets, for free.
The healthcare sector lags behind the financial sector when it comes to the maturity of vendor risk management programs, a new study confirms. Risk management experts Rocco Grillo and Gary Roboff analyze the work yet to be done.
Mumbai-based Meru Cabs, which offers online and mobile-app cab bookings, has been inadvertently exposing customer data to the Internet. How did the exposure occur, and what is Meru doing to address the flaw?
Some federal lawmakers are concerned that passing a national data breach notification law would weaken security protections found in certain states' statutes. That's a major reason getting a national law enacted will prove difficult.
Banks are not doing enough to ensure that third-party service providers are taking adequate cybersecurity steps, according to the New York State Department of Financial Services, which is considering ramping up regulatory scrutiny.
New NIST guidance is aimed at helping organizations to better understand the risks associated with the information and communications technology supply chain, says Jon Boyens, a NIST senior adviser.
As financial institutions update their defenses in light of new types attacks - from scams to network-penetrating cyber-attacks - they need to ensure they factor in all of the ways that their systems and employees might be targeted or manipulated.
Target is the high-profile example, but many organizations have been breached through third-party vulnerabilities. Where are the security gaps, and how can they be filled? BitSight's Stephen Boyer offers insight.
President Obama twice threatened to veto info sharing bills sponsored by Rep. Mike McCaul. So when the Texas Republican backs the Democratic president's plan for a cyberthreat intelligence center, you've got to think it's a great idea. Maybe, maybe not.
The latest entrant into the password "hall of shame" is Sony Pictures Entertainment. As the ongoing dumps of Sony data by Guardians of Peace highlight, Sony apparently stored unencrypted passwords with inadequate access controls.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
