Security Policies

BlueCross fine over breach related to HIPAA notification rule

The BlueCross BlueShield settlement with the Office for Civil Rights is a reminder for health care organizations to bolster their data security, experts said.

Australian gov't wins U.S. security award from SANS

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.

NIST releases continuous monitoring guidance

The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.

Federal security incidents shoot up 650 percent

Agencies reported a total of 41,776 cybersecurity incidents, compared to just 5,503 in 2006, according to a new GAO report.

Most businesses lack social media security controls

Just 32 percent of U.S. IT and IT security practitioners said their company has a policy that addresses the acceptable use of social media by employees in the workplace.

Breach law passes hurdle, but faces opposition

Another federal data breach notification bill has cleared a U.S. House subcommittee, but both parties are clashing over what constitutes personal information.

SC Congress Canada: Privacy can be embedded into legacy systems

By embedding privacy controls into legacy systems, organizations can minimize the risk of data loss and achieve greater levels of protection, Ann Cavoukian, information and privacy commissioner of Ontario, said Tuesday at SC Congress Canada in Toronto.

ETSI releases identity management specifications

The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications which outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third-parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.

Tax season: The IRS is the least of your concerns

With the April 18 tax deadline looming, security isn't top-of-mind for the employees in your finance, audit and operations departments.

FTC finalizes settlement with Twitter over privacy

The Federal Trade Commission late last week finalized a proposed settlement with Twitter, resolving charges that the social networking site failed to properly safeguard the data and privacy of its users. As part of the settlement, announced in June, Twitter must create and maintain a comprehensive information security program and submit to a third-party audit biennially for 10 years. Twitter was also barred for 20 years from misleading consumers about its security and privacy protections. Each subsequent violation may result in a penalty of up to $16,000. - AM

The cloud's dirty secret

Enterprise security teams need to get involved early in the decision-making process in cloud initiatives.

Red Flags Rule will not apply to certain professions

Services providers such as lawyers, doctors and accountants will not have to comply with the Federal Trade Commission's Red Flags Rule.

Penn. Medicaid recipients' information on missing flash drive

Two health insurers said a flash drive containing the personal health information of hundreds of thousands of Pennsylvania Medicaid recipients has gone missing.

Internal threats double as attackers shift strategy

Cybercriminals are partnering with malicious insiders, according to a report from Verizon Business and the U.S. Secret Service.

FTC delays Red Flags Rule enforcement until end of year

The Federal Trade Commission is, for the fifth time, pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rule.

Report: Federal cybersecurity plan facing barriers

Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, according to a report released on Friday from the Government Accountability Office.

RSA Conference: White House declassifies U.S. cybersecurity initiative details

Howard Schmidt, the newly appointed White House cybersecurity coordinator, unveiled details on a Bush-era program to help secure the United States in cyberspace.

Study finds cyberthreats to be largest security concern

More than traditional crime, natural disasters and terrorism, the security threat that enterprise IT departments are most concerned with is cybercrime, according to a study by Symantec.

U.S. and Russian officials talk cyberissues

American and Russian officials recently met to discuss cybersecurity issues, such as collaboration among law enforcement bodies and the use of cyberweapons, the New York Times reported in its Saturday editions.

DHS secretary: Cybersecurity is shared burden

Cybersecurity is not the responsibility of one person or group since no one person is in charge of the internet, Department of Homeland Security Secretary Janet Napolitano said Tuesday.

House subcommittee passes cybersecurity R&D bill

The Cybersecurity Research and Development Amendments Act of 2009 would require federal agencies to develop cybersecurity research-and-development plans, as well as authorize grant funding and establish a scholarship program.

Security considerations critical in the cloud

IT departments are increasingly realizing the benefits of cloud security, but businesses must ask themselves a few questions before handing over control to a third party.

Microsoft disputes password-stealing SQL Server bug

Researchers at a security company say they have discovered a vulnerability in Microsoft's SQL Server, but the software giant disputes the claim.

Can the president shut down the internet?

A revision to the Cybersecurity Act of 2009, the Rockefeller-Snowe draft bill in Congress, has drawn criticism because of concerns that it would give the president power to shut down the internet.

Purported malicious CD-ROMs actually part of pen test

A package sent to a credit union last week containing supposedly malicious CD-ROMs prompted a fraud alert from the National Credit Union Administration, but it was actually part of a penetration test.

Small businesses largely not PCI compliant

Though 83 percent of small businesses are familiar with the PCI DSS, just 62 are compliant, according to a recent survey.

US-CERT director resigns, plans to work for RSA

Another top cybersecurity leader has stepped down - news that comes in the wake of similar high-profile government resignations and a still-vacant federal cybersecurity coordinator post.

Energy companies say NERC standards inadequate

Updated: Respondents in a recent survey noted a number of issues with NERC's cybersecurity standards, including ambiguity over what they require and a need for further strengthening.

2010 budgets to fund app security and DLP, study shows

If security budgets go up next year, pros will be using the additional cash to buy application security and DLP technologies, a new study shows.

DoD might reblock Facebook, Twitter

Three months after an Army order lifted the ban on certain social networking sites, the Department of Defense said it is again questioning whether it should restrict access to popular web destinations.