"The first question they are going to ask the external provider is: 'What kind of procedures will you follow for physically securing the servers, for assuring the authenticity of the log-in, for security of the data during transit to and from your site?'" IBM's Dave McQueeney says.
"We need to embrace change effectively because it's coming and we need to look at those opportunities that we have in these transformational states and embrace change in a positive manner," Nevada CISO Christopher Ipsen says.
IRS Commissioner Douglas Shulman responds that the IRS has reduced material weaknesses in its security controls over the past year, with the agency taking additional steps to reduce risk further in the coming year.
If lawmakers seek a vote on a cybersecurity bill, the partisan bickering on other issues shouldn't prove to be a roadblock. "Sometimes what you're looking for are legislative victories when can't get the big things," former Rep. Tom Davis says.
This week's top news and views: automobiles as potential hackers' target, unrealistic expectations for cyber awareness training and Social Security Administration faulted on lax IT security enforcement.
Federal regulators have published a final rule carrying out the Genetic Information Nondiscrimination Act, which prohibits the use of genetic information to make decisions about health insurance and employment.