A team headed by Senior Computer Scientist Ron Ross will update one of NIST's premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations.
As federal authorities continue efforts to develop privacy and security guidelines for health information exchanges, a new survey shows that healthcare providers and others consider privacy and security as the issues with the most potential to derail HIEs.
In the second major HIPAA enforcement action announced by federal authorities this week, Massachusetts General Hospital and its physicians organization have entered into a resolution agreement that calls for paying a $1 million settlement and taking corrective action to avoid future violations.
The owner of four clinics in Maryland has been fined $4.3 million for HIPAA privacy rule violations that involved failing to provide 41 patients with access to their medical records and then failing to cooperate with federal investigators.
Though the E-Government Act assigns primary responsibility for IT security to agency CIOs, the Cybersecurity and Internet Freedom Act, introduced last week in the Senate, delineates responsibilities for CISOs.
A preliminary draft of new online authentication guidance from the Federal Financial Institutions Examination Council puts greater responsibility on the shoulders of financial institutions to enhance security.
Federal regulators won't issue final versions of two important rules that deal with healthcare information privacy and security issues until the second half of this year, says security expert Lisa Gallagher.
In his new post, Chris Painter will head the State Department's global diplomatic engagement on cyber issues and serve as the department's primary liaison with his former boss, White House Cybersecurity Coordinator Howard Schmidt.
The latest Government Accountability Office report reflects the complexity of securing key IT systems: The administration has come far the past two years, but much more work remains to be done to secure effectively the nation's critical information infrastructure.