Hackers target RSA's SecurID products, leading federal IT policymakers question America's preparedness for cyberattacks, new House bill would reform federal IT security governance and why Ohio state government decided to standardize on NIST IT security framework.
It's serious news that RSA's SecurID solution has been the target of an advanced persistent threat. But "It's not a game-changer," says Stephen Northcutt, CEO of SANS Institute. "Anybody who says it is [a game-changer] is an alarmist."
"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.
The announcement by RSA that it had been a victim of an advanced persistent threat shook the global information security industry. Stephen Northcutt of SANS Institute and David Navetta of the Information Law Group offer insight on what happened, what it means and how to respond.
In the second major HIPAA enforcement action announced by federal authorities this week, Massachusetts General Hospital and its physicians organization have entered into a resolution agreement that calls for paying a $1 million settlement and taking corrective action to avoid future violations.
The owner of four clinics in Maryland has been fined $4.3 million for HIPAA privacy rule violations that involved failing to provide 41 patients with access to their medical records and then failing to cooperate with federal investigators.
It's not enough to recover data after an incident; also essential is restoring the software needed to read the data, as Federal Emergency Management Agency has learned. The inspector general explains it all.
"Once you get over the idea that we don't have permanent world peace, and people may need to attack each other in particular circumstances ... then maybe there's a lot of good things to say about cyberweapons," says Peter Sommer of the London School of Economics' Information Systems and Innovation Group.
When a database breach occurs, consumer notification continues to be a public problem, and it's time for the federal government to step in, says Linda Foley, co-founder of the non-profit Identity Theft Resource Center.