Congress Approves New DHS Cybersecurity Agency

Data Breach Today

Bill Creating Cybersecurity and Infrastructure Security Agency Awaits President's Signature The United States will soon officially have a single agency that takes the lead role for cybersecurity.

Highlights of NIST Cybersecurity Framework Version 1.1

Data Breach Today

Solving 3rd Party Cybersecurity Risk

Data Breach Today

Your organization's risk surface may be larger than you think. Your organization's risk surface is larger than you think. How can you get a handle on what risks exist, where they reside, and which ones are most important to resolve immediately

Risk 139

FDA Reveals Steps to Bolster Medical Device Cybersecurity

Data Breach Today

HHS OIG Launches Cybersecurity Web Page

Data Breach Today

Site Highlights Watchdog Agency's Cyber Activities A Department of Health and Human Services watchdog agency has launched a new web page to draw attention to the growing importance of its cybersecurity-related activities, ranging from security audits to fraud investigations

SEC Releases Updated Cybersecurity Guidance

Data Breach Today

Securities and Exchange Commission has released revised guidance "to assist public companies in preparing disclosures about cybersecurity risks and incidents." Regulator Demands More Risk Disclosure, Better Insider Trading Policies The U.S.

Yet Another IoT Cybersecurity Document

Schneier on Security

This one is from NIST: " Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." cybersecurity internetofthings nistIt's still in draft. Remember, there are many others.

White House Eliminates Cybersecurity Position

Schneier on Security

The White House has eliminated the cybersecurity coordinator position. cybersecurity intelligence nationalsecuritypolicyThis seems like a spectacularly bad idea.

The Push to Allow Cybersecurity Technology Donations

Data Breach Today

Advisory Council Seeks Changes in Law to Help Smaller Healthcare Providers Improve Security An advisory council is again urging the Department of Health and Human Services to allow certain donations of cybersecurity technology and services to smaller healthcare providers.

A View of Cybersecurity's Future

Data Breach Today

Gigamon's Kim DeCarlis on What Needs to be Done Today to Better Secure Tomorrow As recent breaches attest, today's approaches to cybersecurity are insufficient. Kim DeCarlis of Gigamon offers her views on what organizations must do differently to ensure stronger cybersecurity postures

FDA Calls for 'Cybersecurity Bill of Materials' for Devices

Data Breach Today

HIMSS18: Cybersecurity Takeaways

Data Breach Today

Insights From Interviews With CISOs, Regulators What's on the minds of healthcare CISOs these days when it comes to cybersecurity challenges and initiatives? Here's a rundown of insights from the big HIMSS18 conference

Compliance to Cybersecurity Requirements and False Claims Act

Security Affairs

There’s a growing risk of companies receiving substantial fines for not complying with cybersecurity standards under False Claims Act. The Link Between the False Claims Act and Cybersecurity. A Lack of Cybersecurity Best Practices Could Cause Obstacles.

Critical Elements of a Solid Cybersecurity Program

Data Breach Today

Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Systems, who formerly was CISO at Vanderbilt University and Medical Center

Cybersecurity at the Core

Dark Reading

For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail

Digital Transformation and Cybersecurity's Burden

Data Breach Today

Insights From Jonathan Nguyen-Duy of Fortinet "Digital transformation" is the theme of the year, but it comes with specific cybersecurity challenges - and they put a new burden squarely on the shoulders of the CISO, says Fortinet's Jonathan Nguyen-Duy

Why Cybersecurity Is Critical to Healthcare Innovation

Data Breach Today

Groups Offer Feedback on HHS's Plans for Workgroup Focused on Spurring Investments As the Department of Health and Human Services explores how to spur innovation and investment in the healthcare sector, cybersecurity is among top issues that need to be addressed, some industry organizations stress

The 'New Science' of Cybersecurity

Data Breach Today

NTT Security's Khiro Mishra and Don Gray Discuss a New Approach What is the "new science" of cybersecurity? Khiro Mishra and Don Gray of NTT Security describe the approach

Cybersecurity Insurance

Schneier on Security

breaches cybersecurity insuranceGood article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is.

Cybersecurity Insurance: How Underwriting Is Changing

Data Breach Today

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients

Healthcare Cybersecurity: Helping the Little Guy

Data Breach Today

Group Pushes for Changes in Federal Rules to Pave the Way for Donations Federal regulators are being asked to relax anti-kickback rules so that resource-strapped healthcare providers can accept certain donations or subsidies of cybersecurity products and services

Addressing the Lack of Diversity in Cybersecurity

Data Breach Today

Accenture Security's Tammy Moskites Discusses Efforts to Attract More Women to the Field Tammy Moskites, managing director at Accenture Security, outlines initiatives to attract more women into the field of cybersecurity

Cybersecurity or Information Governance Failure???

Getting Information Done

Was it a failure of Cybersecurity professionals? Surely, Cybersecurity professionals jumped into action and started patching all the machines on their networks to prevent an infection by WannaCry!

8 Highlights: Scottish 'Big Data' Cybersecurity Conference

Data Breach Today

Cloud Forensics, Fraud, Extortion and Cyber Sociology Dominate Edinburgh Event What are hot cybersecurity topics in Scotland?

White House Axes Top Cybersecurity Job

Data Breach Today

Critics Say Cybersecurity Demands Greater Prominence in Federal Government The Trump administration has eliminated the top cybersecurity coordinator role in the White House. The decision has earned a sharp rebuke from lawmakers and former government officials, who say cybersecurity demands a greater - not lesser - prominence in the federal government

HIMSS18: Cybersecurity Take-Aways

Data Breach Today

Insights From Interviews With CISOs, Regulators What's on the minds of healthcare CISOs these days when it comes to cybersecurity challenges and initiatives? Here's a rundown of insights from the big HIMSS18 conference

DHS Issues More Medical Device Cybersecurity Alerts

Data Breach Today

The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. Why Are Such Warnings Becoming More Common? These warnings have come after independent researchers, or the companies themselves, have reported the problems

Embracing the Cybersecurity ‘Grey Space’

Threatpost

Hacks InfoSec Insider Vulnerabilities Cybersecurity digital assets Grey Space HR system machine intelligenceSecurity teams carefully monitor potential threat activity, but incidents aren’t always black and white.

Cybersecurity Threats Keep Evolving, Research Shows

eSecurity Planet

We examine 11 important cybersecurity research reports released in November -- and the controls organizations should consider

HIMSS18: The Cybersecurity Agenda

Data Breach Today

A Look at What's Available at This Year's Biggest Health IT Event Cybersecurity will again be in the spotlight at this year's Healthcare Information and Management Systems Society conference, March 5 to 9 in Las Vegas. The event will feature numerous CISO presentations, updates from regulators and displays of the latest technologies

The Poor Cybersecurity of US Space Assets

Schneier on Security

academicpapers cybersecurity nationalsecuritypolicyGood policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems.

How to Use FDA's Medical Device Cybersecurity 'Playbook'

Data Breach Today

aims to assist healthcare delivery organizations in responding to cybersecurity incidents involving medical devices. A new "playbook" co-developed by the Food and Drug Administration and Mitre Corp. Julie Connolly, who helped develop the guide, explains how to use it

How to Use the NIST Cybersecurity Framework

Data Breach Today

Specific Actions for Organizations to See Success in their Cybersecurity Programs By focusing on the cybersecurity actions, NIST CSF can be flexibly deployed regardless of the setting or industry

Florida's Approach to Training Cybersecurity Specialists

Data Breach Today

Universities throughout Florida are adding more cybersecurity courses in an effort to better train the next generation of practitioners, says Ernie Ferraresso of the Florida Center for Cybersecurity, which recently provided a second round of funding for the effort

FTC Offers Small Businesses Free Cybersecurity Resources

Dark Reading

Cybersecurity for Small Businesses campaign kicks off

Significant Changes Coming to NIST Cybersecurity Framework

Data Breach Today

government's Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the NIST cybersecurity framework. The latest ISMG Security Report focuses on the significant changes found in the latest version of the U.S. NIST seeks comments from stakeholders on the draft of version 1.1 of the framework by Jan.

Cybersecurity

InfoGovNuggets

Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked. How do you ensure your business continues to operate if its cybersecurity is breached? It’s not just sending notices to affected customers and paying for credit watches. “Banks Create Cyber Doomsday System,” The Wall Street Journal , December 4, 2017 B1.

Cybersecurity M&A Roundup: PhishMe, Phantom Acquired

Data Breach Today

PhishMe Becomes 'Cofense' After It's Purchased; Splunk Buys Phantom Cybersecurity company mergers and acquisitions continue. Among the major deals: The sale of PhishMe to a privacy equity syndicate and Splunk's purchase of Phantom.

The Reaction to New White House Cybersecurity Strategy

Data Breach Today

Leading the latest edition of the ISMG Security Report: The reaction to the recently released White House cybersecurity strategy. Also featured: A discussion of GDPR's impact on class action lawsuits

Expect More Cybersecurity 'Meltdowns'

Data Breach Today

After Meltdown and Spectre, Researchers Will Pummel Microprocessors for Flaws Technology giants are still struggling to identify what's at risk from the Spectre and Meltdown flaws in modern CPUs, never mind getting working security updates into users' hands. In the meantime, expect a rush by researchers to find more flaws in microprocessor code

7 Real-Life Dangers That Threaten Cybersecurity

Dark Reading

Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs. What’s noteworthy, from my perspective, is that Snyder had the foresight to make cybersecurity readiness a key component of his reinvent Michigan strategy, from day one.

Why Cybersecurity Pros Should Care About Governance

Getting Information Done

Cybersecurity is a strategic priority for most organizations. We’ve all heard for years that information technology (IT) and cybersecurity require people, process, and technology; however, over the years, “people” and “process” have not received the same attention as “technology.”