HIPAA

A7290c5bd7bc2aaa7ea2b6c957ef639b

Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance

February 25, 2014 Added by:David Navetta

Payment card breaches are not 100% preventable, and for most merchants over time, are inevitable...As such, rather than focus solely on cumbersome security standards such as PCI-DSS, payment card breaches should be viewed more from an overall risk management perspective.

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

The NIST Framework and what still needs to be done

February 24, 2014 Added by:Joe Weiss

The recently issued NIST Framework on CIP is a good basic top level document. It directly addresses ICS which is a great step forward and I am very happy to see IEC (ISA)-62443 liberally addressed. I believe the shortcoming is the lack of any actual requirements.

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Highlights From Verizon PCI Report 2014

February 13, 2014 Added by:Anton Chuvakin

The vast majority of organizations are still not sufficiently mature in their ability to implement and maintain a quality, sustainable PCI Security compliance program.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Pre-Authorization Data Must be Protected

February 10, 2014 Added by:PCI Guru

Just because it is pre-authorization data does not mean that you are not required to protect it. The Council has made it very clear that it is to be protected with the same rigor as post-authorization data.

Comments  (5)

59d9b46aa00c70238bb89056cfeb96c0

Compliance Defense– The Movie

February 05, 2014 Added by:Thomas Fox

In honor of The Movie Channel’s annual 28 days of Oscar, the upcoming Academy Awards and inspired by Jay Rosen’s prior career and the FCPA Professor’s hypothetical discussion between a Chief Compliance Officer (CCO) and his Chief Executive Officer (CEO) last week...I thought I might write about 'Compliance Defense- The Movie.'

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

California Attorney General Files Lawsuit Based on Late Breach Notification

February 04, 2014 Added by:David Navetta

While the outcome of this lawsuit is uncertain, breach notification practitioners and companies that handle California personal information should keep an eye on this case and any rulings that come out of it.

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

How serious is the Aurora vulnerability for nuclear plants?

February 04, 2014 Added by:Joe Weiss

This risk is certainly more probable than once in a million years which is the minimum criteria for the safety analysis to address specific threats.

Comments  (0)

6d117b57d55f63febe392e40a478011f

U.S. Intelligence Agencies Say Healthcare.gov May be Compromised

February 04, 2014 Added by:Anthony M. Freed

U.S. intelligence agencies warned the Department of Health and Human Services that the Healthcare.gov may have been compromised by contractors from Belarus who worked on developing code for the network who are suspected of inserting malicious code.

Comments  (1)

C787d4daae33f0e155e00c614f07b0ee

The Perils of Combining Security and Compliance

January 27, 2014 Added by:Robb Reck

There is a natural tendency to lump security and compliance together. Intuitively it just makes sense right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.

Comments  (0)

6d117b57d55f63febe392e40a478011f

House Subcommittee Passes Legislation to Protect Critical Infrastructure

January 21, 2014 Added by:Anthony M. Freed

The House of Representatives Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies has passed a bill to bolster provisions to protect the nation’s critical infrastructure, moving it one step closure to full consideration.

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Lessons from a Soccer Manager for the Compliance Practitioner

January 21, 2014 Added by:Thomas Fox

Compliance leadership can take many forms and inspiration can come from many different sources.

Comments  (0)

54b393d8c5ad38d03c46d060fa365773

Security Advisor Alliance, A Nonprofit of Elite CISOs giving back to the community.

November 12, 2013 Added by:Jason Clark

Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.

Comments  (0)

Ae27d21943468124221937d59167fff8

The Ethics of Monitoring Your Employees

September 03, 2013 Added by:Edwin Covert

As the GAO report makes clear, organizations are well within their legal rights to monitor employee activity online when using organization information technology resources.

Comments  (1)

Ee445365f5f87ac6a6017afd9411a04a

What Magneto's Helmet and Non-ICFR SSAE 16 Controls have in Common

July 04, 2013 Added by:Jon Long

Recently I have had opportunities to observe several auditors defend why they believe the controls contained in their client's SSAE 16 reports are relevant to internal controls over financial reporting (ICFR).

Comments  (0)

483d57221cc733958be20869f1c7e400

HIPAA in Public Cloud: The Rules Have Been Set

July 03, 2013 Added by:Phil Cox

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) released the Omnibus Rule, which finalized all the former interim rules for Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) compliance.

Comments  (0)

369dec31d888693bba6b6e0f39c14ce3

Healthcare Interrupted - Top Five Vulnerabilities Hackers Can Use Right Now To Shut Down Medical Devices

June 24, 2013 Added by:Matt Neely

By performing penetration tests on hospital networks and medical devices, security researchers have found that many commonly used devices are insecure and can be easily compromised.

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »