Antonin Scalia's replacement could help push the Supreme Court to reinterpret the Constitution's Fourth Amendment to make it harder for the government to surveil citizens online and seize their records stored on servers maintained by cloud service providers.
Federal regulators have issued new guidance to clarify scenarios where HIPAA privacy and security regulation might apply, including for mobile health applications and electronic data exchange. Why are some organizations still so confused?
How will federal banking regulators respond to growing criticism of the FFIEC's Cybersecurity Assessment Tool? A new FDIC publication leads some experts to believe no new guidance is forthcoming. Here's why.
Even as the demand for security professionals grows, the outflow of practitioners from the profession is greater than the influx of fresh blood, says (ISC)² CEO David Shearer. How can this trend be effectively addressed?
Mobility and IoT are acknowledged by security practitioners to be a whole different beast when it comes to management. MetricStream's French Caldwell says that GRC likewise needs to change its paradigm to accommodate this disruption.
A lawsuit filed against security firm Trustwave is raising questions about "PCI Professional Forensic Investigators" and how they are monitored by the PCI Security Standards Council. But experts say the onus is on companies, not the council, to ensure their security practices are adequate.
Casino operator Affinity Gaming has sued incident response firm Trustwave, alleging that the firm failed to fully eradicate and "contain" the 2013 data breach and payment card malware outbreak that it was hired to remediate.
Synthetic identity fraud is more pervasive than most people are aware. Synthetic identities are used to obtain financial services, medical benefits, insurance and rental housing, among other things. Additionally, organized crime and terrorist groups are realizing the benefits that the anonymity of synthetic identities...
After nearly a generation of prodding, not a week goes by without the continued assertion that banks have failed to respond to digital-savvy customers demanding anytime, anyplace, anywhere services through digital and mobile channels. But how can banks respond to the digitized offerings from "born in the cloud"...
The year 2015 will be remembered for the surge in massive hacker attacks in healthcare. But what lessons can healthcare organizations and their business associates learn from these data breaches?
In the coming months, the Department of Homeland Security will implement a new cyberthreat information sharing law designed to help prevent breaches. But will the Cybersecurity Act of 2015 really make a difference?
Jeremy King of the PCI Security Standards Council explains why it has extended its compliance deadline for encryption updates aimed at phasing out SSL and TLS 1.0. But he stresses that merchants, processors and acquirers should not wait to make upgrades.
In the largest monetary award obtained by the FTC in an enforcement action, LifeLock has agreed to pay $100 million to settle a case that, in part, stemmed from the identity protection company failing to establish and maintain an information security program to protect customers' personally identifiable information.
After years of failing to enact cyberthreat information-sharing legislation, Congress is poised to vote on a measure this week that would incentivize businesses to share voluntarily threat data with the federal government and with each other.
New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.