June 16, 2014 Added by: Rebecca Herold
Organizations that access, in any way, some type of personal information will likely have data protection compliance requirements with which they must comply.
June 11, 2014 Added by: Joe Weiss
The story is that MANY ICSs are connected to the Internet and it isn’t expensive to find them.
June 05, 2014 Added by: InfosecIsland News
To prevent costly breaches such as this one from happening, Netwrix Corporation suggests the following best practices every health care organization or insurance provider should implement and maintain to ensure HIPAA compliance.
June 04, 2014 Added by: Joe Weiss
When people complain that operators are too focused on safety and reliability I don’t know whether to laugh or cry.
June 04, 2014 Added by: Stefano Mele
The U.S. Government Accountability Office (GAO) found that twenty-four major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents (a security breach of a computerized system and information).
May 01, 2014 Added by: Tripwire Inc
SARA (the Situational Awareness Reference Architecture) provides applicable steps for creating local and shared situational awareness.
March 31, 2014 Added by: Gilad Parann-Nissany
Any company or individual using cloud services today should encrypt data in addition to their firewall, anti-virus and other security measures. Incidentally, it is also encouraged by regulation in several sensitive sectors, notably businesses in the health industry under HIPAA patient and data privacy laws and the payment card industry under PCI DSS standards.
February 25, 2014 Added by: David Navetta
Payment card breaches are not 100% preventable, and for most merchants over time, are inevitable...As such, rather than focus solely on cumbersome security standards such as PCI-DSS, payment card breaches should be viewed more from an overall risk management perspective.
February 24, 2014 Added by: Joe Weiss
The recently issued NIST Framework on CIP is a good basic top level document. It directly addresses ICS which is a great step forward and I am very happy to see IEC (ISA)-62443 liberally addressed. I believe the shortcoming is the lack of any actual requirements.