Federal CIO Steven VanRoekel issues a memorandum ordering agency and departmental CIOs to use the new Federal Risk and Authorization Management Program to assess, authorize, procure and continuously monitor cloud computing offerings.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)², where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
A card compromise at a California-based grocery chain has raised questions about the efficacy of PCI-DSS. Experts say even if merchants are compliant, fraudsters can easily get around the security measures.
"Cybersecurity remains a priority for my administration, and we are committed to protecting our critical infrastructure by taking decisive action against cyberthreats," President Obama says in a proclamation designating December Critical Infrastructure Protection Month.
In addition to the negative publicity associated with being included on the federal tally of major health information breaches, some organizations are experiencing yet another impact of breaches: class action lawsuits.