Well-publicized health information breach incidents are serving as important reminders that paying attention to the physical security of data centers is a vital component of any information security strategy.
Online security has come a long way in recent years, but so have phishing attacks. As the Epsilon e-mail breach proves, fraudsters are honing their attacks through the acquisition of detailed e-mail profiles and sensitive information connections, says ID security expert Tim Rohrbaugh.
The Department of Health and Human Services has announced two projects tackling the issue of how to obtain patient consent to provide access to their electronic health records via health information exchanges.
"The phishing only works if the consumer participates; they have to click on something; they have to open something," says Neal O'Farrell of the Identity Theft Council. "So, based on that assumption, shouldn't we be doing more to educate them?"
Texas spent $1.2 million to notify individuals - as many as 3.5 million - whose personal information was exposed, $393,000 to establish a call center and $290,000 to retain two IT consultants to examine the agency's IT security policies and procedures.
"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," says Rickey R. Hass, deputy inspector general for audits and inspections.
SWIFT says globalization, regulation and the introduction of new services from non-financial providers will set the tone for 2011. But increasing transaction volume and the convergence of payment technologies from differing global markets also pose their own challenges.
Attackers could leverage vulnerabilities to gain control of air traffic control systems, with intruders using unprotected computers to compromise other systems that depend on the same network, a Transportation Department audit reveals.
Healthcare organizations should provide their staffs with training on how to guard against identity theft regardless of whether they must comply with the federal Red Flags Rule, says fraud prevention expert Jeremy Miller.
Top executives seek the CISO's advice to help determine whether cloud computing benefits outweigh the risks. Here are the top five cloud security risks and concerns CISOs must discuss with their leaders.