An inspector general report on a Federal Reserve audit raises more questions than it answers regarding the security risks facing one of the Fed's information systems. The executive summary of the audit fails the transparency test to inform the public.
The HHS Office for Civil Rights will dramatically ramp up its HIPAA enforcement activities in 2016, fueled by a financial infusion from recent fines in HIPAA cases, predicts privacy attorney David Holtzman of CyngergisTek, a former OCR senior adviser.
New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Turns out electronic learning products can be bad for children's privacy - and for their parents too. The VTech breach highlights how, despite repeated warnings, too many manufacturers continue to not take security seriously.
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.
The shift to the EMV standard in the U.S. has drawn incredible media attention for more than a year as everyone witnesses the approach of the looming liability shift deadline. But what does it really mean for merchants, consumers, and hackers? I say the answer is actually very little, and in as few words as possible,...
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
The federal government is licensing a government-built anomaly detection tool known as PathScan to Ernst & Young, which, in turn, will refine the software and market it. In an interview, DHS's Mike Pozmantier explains why the government is offering its technology to the private sector.
In preparing business associate agreements, healthcare organizations should demand a right-to-audit clause and copies of vendors' current security policies as proof that the companies are taking appropriate measures to protect patient data, says security expert Rebecca Herold.
Blue Coat CTO Dr. Hugh Thompson speaks about the future of security, the constants that need attention, and lessons to be learned from the U.S. when it comes to writing meaningful breach notification laws.
An inspector general's memo that highlights three significant information security deficiencies that have plagued the U.S. Department of Labor for the past five years points out problems that most federal agencies confront.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.
The healthcare sector lags behind the financial sector when it comes to the maturity of vendor risk management programs, a new study confirms. Risk management experts Rocco Grillo and Gary Roboff analyze the work yet to be done.