A government audit of Internal Revenue Service financial statements reveals deficiencies in internal information security controls, including missing security updates, insufficient audit trails and monitoring for certain key systems and use of weak passwords.
Gregory Wilshusen discusses the path he followed to his job as the government's lead information security auditor and the skills needed to be an InfoSec auditor.
Too often, individuals who fail to take the proper steps to secure IT aren't punished for their reckless behavior. But should those who consistently fail to follow safe cyber hygiene be severely penalized for repeatedly falling for phishing attacks?
The human element has been referred to as the weakest link in the security chain. Do advances in applying analytics to human behavior hold the key to reducing risks?
If the Chinese government hacked the U.S. Office of Personnel Management for espionage purposes, then the U.S. government's $133 million contract to provide ID theft monitoring services is a waste of money. Instead, the agency could have used the funds to safeguard its systems against future attacks.
Statements issued by the United States and China give a different take on cybersecurity talks scheduled to take place next week between presidents Barack Obama and Xi Jingling.
BlackBerry plans to buy mobile device management rival Good Technology for $425 million. BlackBerry must prep for a future in which it no longer manufactures hardware - and that's why this deal makes sense.
In her first interview since joining the HHS Office for Civil Rights as deputy director of health information privacy, Deven McGraw describes plans to relaunch HIPAA compliance audits next year and outlines other priorities.
The HHS Office for Civil Rights is getting closer to resuming the HIPAA compliance audit program, says OCR Director Jocelyn Samuels. Plus, OCR has completed another major breach-related settlement, and it's firming up plans for several new compliance-related initiatives.
An inspector general's memo that highlights three significant information security deficiencies that have plagued the U.S. Department of Labor for the past five years points out problems that most federal agencies confront.
The outrage directed at Oracle Corp.'s security chief after a recent blog post in which she scolded third parties who scan the company's software looking for security flaws had a familiar ring: Do medical device makers have a similar cybersecurity attitude?
The Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils - and promise - of our Internet-connected, hacktivist age, whether it comes to online dating or the Internet of Things.
Tools to build and manage the ZeusVM banking Trojan have been leaked online, meaning that both die-hard and would-be criminals alike can now try their hand at running botnets, for free.
Would encryption, two-factor authentication and other measures stop a determined adversary from stealing millions of U.S. government personnel files? No, a former CIA CISO says. Read how Robert Bigman would defend against OPM-style cyber-attacks.
The Gartner Security and Risk Management Summit tackles digital business, a concept that blurs the physical and digital worlds, and requires organizations to reconsider how they approach IT security and risk management.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.