A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure-as-a-service cloud computing offering has been issued by the National Institute of Standards and Technology.
In a new alert, the OCC says banking institutions should be concerned about fraud attempts linked to recent distributed-denial-of-service attacks on prominent U.S. banks.
As the recent PATCO case shows, fraud litigation is moving away from just establishing damages. The key legal question now is: What is reasonable security? Attorneys discuss the 2013 fraud legal landscape.
Most U.S. Defense Department contractors would be required to report a data breach to the Pentagon under provisions of the National Defense Authorization Act agreed to by a House-Senate conference committee.
A breach that resulted in a $1 million HIPAA settlement led Partners Healthcare in Boston to take many significant steps, including merging its privacy and security efforts, says CISO Jennings Aske. More changes are planned for 2013.
A new Congress - the 113th - comes to Washington in January, and the battles over IT security begin anew. Here's my take on how cybersecurity will take shape in 2013.
HSBC and SCB will pay millions in penalties for violating anti-money-laundering laws. Experts say the penalties are justified, but question the deterrent effect.
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audits and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
"Accessing medical records [should be] as easy as accessing banking records today," says Farzad Mostashari, M.D., national coordinator for health IT, addressing a hearing on patient ID authentication.
Given the magnitude of sensitive information on Social Security Administration computers, the inspector general says, any loss of confidentiality, integrity or availability of systems or data could have a significant impact on the nation's economy.
Organizations that have struggled with risk assessments to comply with PCI-DSS requirements now can take advantage of new guidance. Learn about the latest advice on how to address shortcomings.
A long-delayed omnibus package of regulations, including modifications to the HIPAA privacy and security rules, remains tied up in government limbo. When might the new rules be released?
David Sherry, CISO of Brown University, sees the security leadership role transitioning completely to risk and governance over the next few years. What challenges will leaders face along the way?
Despite numerous data breaches, as well as financial incentives and penalties, many healthcare organizations aren't taking risk assessment requirements seriously. Experts offer insights on best practices.
For the second time in three months, the Senate on Nov. 14 failed to muster the 60 votes needed to halt a filibuster of the Cybersecurity Act of 2012. The vote was 51-47.