Boiled down to its essence, the latest guidance issued by the Federal Financial Institutions Examination Council (FFIEC) is rather simple.
Essentially it's asking U.S. financial institutions to mitigate risk using a variety of processes and technologies, employed in a layered approach. More specifically, it asks...
Encryption is evolving in terms of its role against the current threat landscape. And with the onslaught of advanced persistent threats, encryption stands out as a top contender in mitigating the risks.
For John Colley, managing director of (ISC)2 in EMEA, ethics need to be addressed more frequently in the workplace. Organizations can no longer assume information is legitimate or has been gained through ethical means.
Documenting procedures for the State Department's custom-made, continuous-monitoring tool known as iPost will help ensure that the data collected are appropriately used to protect the agency's global IT system, a GAO audit says.
Federal officials should consider a major revamp of a proposal that would require healthcare organizations to provide patients with a report listing everyone who has electronically accessed their records, a former government official who helped draft the proposal says.
Yahoo's Justin Somaini believes his fellow CISOs in business and government do a good job keeping their bosses informed of proper information security practices, but could do better in educating the rank and file about them.
When economists dissected July's 0.1 point drop in overall unemployment, to 9.1 percent, they attributed the decline mostly to fewer people seeking work. But that's not the case for IT security professionals. There are few discouraged workers in the information technology occupation categories these days.
The Health IT Policy Committee has endorsed best practices for giving patients clear and simple guidance regarding how to safeguard electronic health records when viewing or downloading them, such as through a hospital's or clinic's portal.
When preparing for a potential HIPAA compliance audit, former HIPAA enforcer Adam Greene advises healthcare organizations: "Don't panic. I'm skeptical if it's possible for an organization to be 'audit-proof.' If you try to scramble and get everything in order, you may fail."
"The need for fraud-prevention tools increases during times of recession," says Aite Group's Julie McNelley, who does not believe this week's economic shockwaves will hurt organizations' security priorities.
ISACA's Marc Vael says differences in cloud computing environments and cloud providers can pose security risks. But well thought-out contracts and risk-management plans can fill potential security gaps and ensure business continuity during outages and disasters.
The HHS Office for Civil Rights should carefully consider comments received on its proposal to require healthcare organizations to provide patients with a complete list of everyone who has electronically viewed their information.