Security Policies News, Articles and Updates
The BlueCross BlueShield settlement with the Office for Civil Rights is a reminder for health care organizations to bolster their data security, experts said.
An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.
Agencies reported a total of 41,776 cybersecurity incidents, compared to just 5,503 in 2006, according to a new GAO report.
Just 32 percent of U.S. IT and IT security practitioners said their company has a policy that addresses the acceptable use of social media by employees in the workplace.
Another federal data breach notification bill has cleared a U.S. House subcommittee, but both parties are clashing over what constitutes personal information.
By embedding privacy controls into legacy systems, organizations can minimize the risk of data loss and achieve greater levels of protection, Ann Cavoukian, information and privacy commissioner of Ontario, said Tuesday at SC Congress Canada in Toronto.
The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications which outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third-parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.
With the April 18 tax deadline looming, security isn't top-of-mind for the employees in your finance, audit and operations departments.
The Federal Trade Commission late last week finalized a proposed settlement with Twitter, resolving charges that the social networking site failed to failed to properly safeguard the data and privacy of its users. As part of the settlement, announced in June, Twitter must create and maintain a comprehensive information security program and succumb to a third-party audit biennially for 10 years. Twitter was also barred for 20 years from misleading consumers about its security and privacy protections. Each subsequent violation may result in a penalty of up to $16,000. - AM
Enterprise security teams need to get involved early in the decision-making process in cloud initiatives.
Services providers such as lawyers, doctors and accountants will not have to comply with the Federal Trade Commission's Red Flags Rule.
Two health insurers said a flash drive containing the personal health information of hundreds of thousands of Pennsylvania Medicaid recipients has gone missing.
Cybercriminals are partnering with malicious insiders, according to a report from Verizon Business and the U.S. Secret Service.
The Federal Trade Commission is, for the fifth time, pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rule.
Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, according to a report released on Friday from the Government Accountability Office.
Howard Schmidt, the newly appointed White House cybersecurity coordinator, unveiled details on a Bush-era program to help secure the United States in cyberspace.
More than traditional crime, natural disasters and terrorism, the security threat that enterprise IT departments are most concerned with is cybercrime, according to a study by Symantec.
American and Russian officials recently met to discuss cybersecurity issues, such as collaboration among law enforcement bodies and the use of cyberweapons, the New York Times reported in its Saturday editions.
Cybersecurity is not the responsibility of one person or group since no one person is in charge of the internet, Department of Homeland Security Secretary Janet Napolitano said Tuesday.
The Cybersecurity Research and Development Amendments Act of 2009 would require federal agencies to develop cybersecurity research-and-development plans, as well as authorize grant funding and establish a scholarship program.
IT departments are increasingly realizing the benefits of cloud security, but businesses must ask themselves a few questions before handing over control to a third-party.
Researchers at a security company say they have discovered a vulnerability in Microsoft's SQL Server, but the software giant disputes the claim.
A revision to the Cybersecurity Act of 2009, the Rockefeller-Snowe draft bill in Congress, has drawn criticism because of concerns that it would give the president power to shut down the internet.
A package sent to a credit union last week containing supposedly malicious CD-ROMs prompted a fraud alert from the National Credit Union Administration, but it was actually part of a penetration test.
Though 83 percent of small businesses are familiar with the PCI DSS, just 62 are compliant, according to a recent survey.
Another top cybersecurity leader has stepped down - news that comes in the wake of similar high-profile government resignations and a still-vacant federal cybersecurity coordinator post.
Updated: Respondents in a recent survey noted a number of issues with NERC's cybersecurity standards, including ambiguity over what they require and a need for further strengthening.
If security budgets go up next year, pros will be using the additional cash to buy application security and DLP technologies, a new study shows.
Three months ago after an Army order lifted the ban on certain social networking sites, the Department of Defense said it is again questioning whether it should restrict access to popular web destinations.
SC Magazine Articles
- Three zero-days found in iOS, Apple suggests users update their iPhone
- MedSec goes its own way with medical device flaw
- Voter databases in two states breached by foreign hackers, FBI
- Ransomware: The evolution of cybercrime, a roundtable
- Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!
- SWIFT warns of new attacks, pushes for security upgrades
- Paypal users targeted in new angler phishing scam, Proofpoint report
- Dropbox commended for its handling of massive data breach involving 68M users
- Google refuses to patch alleged login page flaw
- RIPPER malware suspected behind $350K Thailand ATM heist, report