A divided House committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework.
Responding to disruptive data breaches, dealing with Mirai botnets, hacking back and the need for enterprises to segment their backup environments were just some of the topics dominating this year's RSA Conference in San Francisco.
Amidst the increasing security chaos facing individuals and organizations, one of the dominant themes at this year's RSA Conference was the need for information security professionals to do more, bringing order to enterprise IT security as well as by influencing public policy.
Australia's Parliament has passed a mandatory data breach notification law that requires some organizations to tell consumers and regulators about an incident within 30 days or face hefty fines. But one security expert says the law has gaps that could pose risks.
Cloud computing initiatives, network monitoring and risk management are driving network security operations. Meanwhile, federal agencies face record levels of threats yet still rely on manual processes and outdated point tools. Agency network security operations must be modernized to streamline network security...
As ransomware attacks continue to plague organizations in healthcare and other sectors, Maryland is considering legislation specifically identifying ransomware attacks as a crime punishable with prison sentences. California and Wyoming are among the states that have enacted somewhat similar legislation.
Certification and accreditation (C&A) has been like alphabet soup. As it transitions to assessment and authorization (A&A), it's time to sort through the confusion and identify which terms and processes apply in any given situation.
This paper sorts through the confusion to identify which terms, approaches, and...
Legislation to tighten insider threat defenses at the U.S. Department of Homeland Security has passed the House of Representatives and goes to the Senate, which failed to consider a similar measure that passed the House in the last Congress.
Looking to go at it alone when securing your public cloud environment? Without a clear understanding of its nuances, even the most state-of-the-art solution won't make it past an annual compliance audit.
This detailed guide is for those pursuing PCI DSS compliance on their DIY cloud security environment.
President Barack Obama has signed the National Defense Authorization Act, legislation that includes a provision he opposes to leave the leader of the newly-elevated U.S. Cyber Command as the head of the National Security Agency as well.
The impact of the patient data privacy and security provisions of the 21st Century Cures Act, signed into law Dec. 13, will depend, in part, on who is chosen to study key issues and come up with recommendations, says attorney Steven Teppler.
President Obama is expected on Dec. 13 to sign the 21st Century Cures Act, which the Senate passed on Dec. 7. Among its long list of provisions, the bill lays out a number of privacy and security-related projects for HHS, including imposing fines on those that intentionally block health data information sharing.
Today's ISMG Security Report leads off with House Homeland Security Committee Chairman Michael McCaul and DHS Secretary Jeh Johnson lamenting about the congressional bureaucracy that hinders passage of needed cybersecurity legislation.
The House has easily approved a heavily reworked version of the 21st Century Cures bill that was stripped of controversial proposed changes to HIPAA. The measure, which would provide $6.3 billion for various efforts to advance medical innovation and is backed by the White House, will proceed to the Senate next week.