Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
A strategic security analyst from Mandiant, the company that's examining recent hacks from the inside, explains why such cyber-assaults will likely intensify under the leadership of China's new president, Xi Jinping.
The new, much more objective guidance for reporting breaches that's included in the HIPAA omnibus rule will result in an increase in notifications, predicts privacy law expert Marcy Wilder.
In the aftermath of a data breach last year that affected 780,000 individuals, Utah legislators are considering a bill that would mandate state agencies identify and implement best practices for protecting data.
Susan McAndrew of the HHS Office for Civil Rights offers a detailed analysis of the final omnibus rule, which extensively modifies HIPAA and provides new guidance about when to report a breach.
New guidance on when to notify authorities of a breach is one of the most significant provisions in the HIPAA omnibus final rule, experts say. Find out what other provisions are drawing attention.
It will be a few years until many organizations reach a level of maturity with continuous monitoring. Getting there will take organizationwide acceptance, says George Schu of Booz Allen Hamilton.
With Congress facing $1.2 trillion in budget cuts, Federal Chief Information Officer Steven VanRoekel says funding for cybersecurity initiatives will likely be affected. But with smart planning, government information technology should not be placed at risk.
Many organizations are weighing whether cyber-insurance is a worthwhile investment. A decision on the type of policy to buy, and what it should cover, depends, in part, on the type of information that could be exposed.
A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure as a service cloud computing offering has been issued by the National Institute of Standards and Technology.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
Hacktivist attacks against U.S. and Israeli sites illustrate a clear message. If you have unprotected web applications, you will suffer the consequences, says cybersecurity expert Amichai Shulman.
The Government Accountability Office is preparing a comprehensive analysis of the nation's cybersecurity strategy to determine its effectiveness in securing government IT and critical information infrastructures.
Most U.S. Defense Department contractors would be required to report a data breach to the Pentagon under provisions of the National Defense Authorization Act agreed to by a House-Senate conference committee.
The increase since 2006 in the number of IT security terms found in a new NIST glossary shows the importance of information security in the way we conduct business today.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.