HHS OIG Launches Cybersecurity Web Page

Data Breach Today

Site Highlights Watchdog Agency's Cyber Activities A Department of Health and Human Services watchdog agency has launched a new web page to draw attention to the growing importance of its cybersecurity-related activities, ranging from security audits to fraud investigations

FDA Reveals Steps to Bolster Medical Device Cybersecurity

Data Breach Today

Yet Another IoT Cybersecurity Document

Schneier on Security

This one is from NIST: " Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." cybersecurity internetofthings nistIt's still in draft. Remember, there are many others.

SEC Releases Updated Cybersecurity Guidance

Data Breach Today

Securities and Exchange Commission has released revised guidance "to assist public companies in preparing disclosures about cybersecurity risks and incidents." Regulator Demands More Risk Disclosure, Better Insider Trading Policies The U.S.

White House Eliminates Cybersecurity Position

Schneier on Security

The White House has eliminated the cybersecurity coordinator position. cybersecurity intelligence nationalsecuritypolicyThis seems like a spectacularly bad idea.

Embracing Change in Cybersecurity

Data Breach Today

Tom Kellerman of Carbon Black on Ovecoming Failing Architectures Security leaders need to embrace security change to overcome failing architectures that have evolved over the last decade, says Tom Kellerman, chief cybersecurity officer at Carbon Black

Critical Elements of a Solid Cybersecurity Program

Data Breach Today

Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Systems, who formerly was CISO at Vanderbilt University and Medical Center

Why Cybersecurity Is Critical to Healthcare Innovation

Data Breach Today

Groups Offer Feedback on HHS's Plans for Workgroup Focused on Spurring Investments As the Department of Health and Human Services explores how to spur innovation and investment in the healthcare sector, cybersecurity is among top issues that need to be addressed, some industry organizations stress

Healthcare Cybersecurity: Helping the Little Guy

Data Breach Today

Group Pushes for Changes in Federal Rules to Pave the Way for Donations Federal regulators are being asked to relax anti-kickback rules so that resource-strapped healthcare providers can accept certain donations or subsidies of cybersecurity products and services

HIMSS18: Cybersecurity Takeaways

Data Breach Today

Insights From Interviews With CISOs, Regulators What's on the minds of healthcare CISOs these days when it comes to cybersecurity challenges and initiatives? Here's a rundown of insights from the big HIMSS18 conference

Cybersecurity Insurance: How Underwriting Is Changing

Data Breach Today

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients

8 Highlights: Scottish 'Big Data' Cybersecurity Conference

Data Breach Today

Cloud Forensics, Fraud, Extortion and Cyber Sociology Dominate Edinburgh Event What are hot cybersecurity topics in Scotland?

Addressing the Lack of Diversity in Cybersecurity

Data Breach Today

Accenture Security's Tammy Moskites Discusses Efforts to Attract More Women to the Field Tammy Moskites, managing director at Accenture Security, outlines initiatives to attract more women into the field of cybersecurity

Digital Transformation and Cybersecurity's Burden

Data Breach Today

Insights From Jonathan Nguyen-Duy of Fortinet "Digital transformation" is the theme of the year, but it comes with specific cybersecurity challenges - and they put a new burden squarely on the shoulders of the CISO, says Fortinet's Jonathan Nguyen-Duy

The 'New Science' of Cybersecurity

Data Breach Today

NTT Security's Khiro Mishra and Don Gray Discuss a New Approach What is the "new science" of cybersecurity? Khiro Mishra and Don Gray of NTT Security describe the approach

Cybersecurity Insurance

Schneier on Security

breaches cybersecurity insuranceGood article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is.

White House Axes Top Cybersecurity Job

Data Breach Today

Critics Say Cybersecurity Demands Greater Prominence in Federal Government The Trump administration has eliminated the top cybersecurity coordinator role in the White House. The decision has earned a sharp rebuke from lawmakers and former government officials, who say cybersecurity demands a greater - not lesser - prominence in the federal government

DHS Issues More Medical Device Cybersecurity Alerts

Data Breach Today

The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. Why Are Such Warnings Becoming More Common? These warnings have come after independent researchers, or the companies themselves, have reported the problems

Cybersecurity or Information Governance Failure???

Getting Information Done

Was it a failure of Cybersecurity professionals? Surely, Cybersecurity professionals jumped into action and started patching all the machines on their networks to prevent an infection by WannaCry!

HIMSS18: Cybersecurity Take-Aways

Data Breach Today

Insights From Interviews With CISOs, Regulators What's on the minds of healthcare CISOs these days when it comes to cybersecurity challenges and initiatives? Here's a rundown of insights from the big HIMSS18 conference

The Poor Cybersecurity of US Space Assets

Schneier on Security

academicpapers cybersecurity nationalsecuritypolicyGood policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems.

Highlighting the Chinese Cybersecurity Law

Data Matters

Former Department of Homeland Security Chief Privacy Officer Hugo Teufel III and Sidley’s Edward McNicholas addressed a packed room on Chinese Cybersecurity Law at the 2018 Privacy + Security Forum hosted at George Washington University. In particular, China has been creating a materially different approach to cybersecurity which serves the central purpose of defending the Chinese notion of cyber sovereignty.

The Reaction to New White House Cybersecurity Strategy

Data Breach Today

Leading the latest edition of the ISMG Security Report: The reaction to the recently released White House cybersecurity strategy. Also featured: A discussion of GDPR's impact on class action lawsuits

HIMSS18: The Cybersecurity Agenda

Data Breach Today

A Look at What's Available at This Year's Biggest Health IT Event Cybersecurity will again be in the spotlight at this year's Healthcare Information and Management Systems Society conference, March 5 to 9 in Las Vegas. The event will feature numerous CISO presentations, updates from regulators and displays of the latest technologies

Cybersecurity Awareness Month Blog Series: It’s Cybersecurity Awareness Month – advice to SMBs

Thales Data Security

This October marks the 15 th year of Cybersecurity Awareness Month. When it comes to cybersecurity, the difference between an enterprise organization and an SMB is just size. When thinking about your cybersecurity audit, strategy and solutions there’s help through the channel.

How to Use the NIST Cybersecurity Framework

Data Breach Today

Specific Actions for Organizations to See Success in their Cybersecurity Programs By focusing on the cybersecurity actions, NIST CSF can be flexibly deployed regardless of the setting or industry

FDA to Ramp Up Medical Device Cybersecurity Scrutiny

Data Breach Today

New OIG Report Spells Out Need for Better Premarket Reviews The Food and Drug Administration should increase its scrutiny of the cybersecurity of networked medical devices before they're approved to be marketed, a new government watchdog agency report says.

Florida's Approach to Training Cybersecurity Specialists

Data Breach Today

Universities throughout Florida are adding more cybersecurity courses in an effort to better train the next generation of practitioners, says Ernie Ferraresso of the Florida Center for Cybersecurity, which recently provided a second round of funding for the effort

Tracking Cybersecurity Threats in Manufacturing

Data Breach Today

With the rise of the industrial internet of things comes a far broader attack surface in the manufacturing sector. Chris Morales of Vectra outlines findings of a new report on cyberattack trends in the manufacturing sector

Significant Changes Coming to NIST Cybersecurity Framework

Data Breach Today

government's Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the NIST cybersecurity framework. The latest ISMG Security Report focuses on the significant changes found in the latest version of the U.S. NIST seeks comments from stakeholders on the draft of version 1.1 of the framework by Jan.

Cybersecurity M&A Roundup: PhishMe, Phantom Acquired

Data Breach Today

PhishMe Becomes 'Cofense' After It's Purchased; Splunk Buys Phantom Cybersecurity company mergers and acquisitions continue. Among the major deals: The sale of PhishMe to a privacy equity syndicate and Splunk's purchase of Phantom.

Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad

Threatpost

Cloud Security Critical Infrastructure IoT Vulnerabilities Web Security ai anomaly detection artificial intelligence cybercriminals Cybersecurity SecurityAttractive to both white-hats and cybercriminals, AI's role in security has yet to find an equilibrium between the two sides.

Expect More Cybersecurity 'Meltdowns'

Data Breach Today

After Meltdown and Spectre, Researchers Will Pummel Microprocessors for Flaws Technology giants are still struggling to identify what's at risk from the Spectre and Meltdown flaws in modern CPUs, never mind getting working security updates into users' hands. In the meantime, expect a rush by researchers to find more flaws in microprocessor code

Cybersecurity

InfoGovNuggets

Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked. How do you ensure your business continues to operate if its cybersecurity is breached? It’s not just sending notices to affected customers and paying for credit watches. “Banks Create Cyber Doomsday System,” The Wall Street Journal , December 4, 2017 B1.

5 Trends Cybersecurity Practitioners Must Address in 2018

Data Breach Today

A look ahead at five trends that should have a significant impact on cybersecurity in 2018 is featured in the final ISMG Security Report for 2017. Cybersecurity and privacy thought leader Christopher Pierson forecasts the likely occurrences

Trends 139

Cybersecurity Awareness Month Blog Series: Leading the cybersecurity jobs of the future

Thales Data Security

This October marks the 15 th annual National Cybersecurity Awareness Month (NCSAM) – an initiative to raise awareness around the importance of cybersecurity. 8-12): Millions of Rewarding Jobs: Educating for a Career in Cybersecurity.

Vietnam Approves New Cybersecurity Law

Hunton Privacy

On June 12, 2018, Vietnam’s parliament approved a new cybersecurity law that contains data localization requirements, among other obligations. The law also requires social media companies to remove offensive content from their online service within 24 hours at the request of the Ministry of Information and Communications and the Ministry of Public Security’s cybersecurity task force.

Why Cybersecurity Pros Should Care About Governance

Getting Information Done

Cybersecurity is a strategic priority for most organizations. We’ve all heard for years that information technology (IT) and cybersecurity require people, process, and technology; however, over the years, “people” and “process” have not received the same attention as “technology.”

Trailblazing CISO Stephen Katz Offers Cybersecurity Insights

Data Breach Today

Stephen Katz emphasizes, first and foremost, that cybersecurity must be treated as a business risk management issue rather than a technology issue. What advice does the world's first CISO have for the current generation of CISOs? He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15

Board Oversight of Cybersecurity Risks

Data Matters

In her regular column on corporate governance issues, Holly Gregory discusses the rapidly changing cybersecurity landscape, and the role of the board in addressing cybersecurity risks to the company. The post Board Oversight of Cybersecurity Risks appeared first on Data Matters Privacy Blog. Cybersecurity Information Security Policy*This article originally appeared in Practical Law Journal July/August 2018.

A More Dynamic Approach to Cybersecurity

Data Breach Today

Data science is playing a fundamental role in a more dynamic approach to cybersecurity, says Jim Routh, CISO of Aetna, who stresses the importance of applying machine learning to front-line data security controls. Routh will be a featured speaker at the ISMG Security Summit in New York Aug. 14-15

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. I met with Skelly at Black Hat USA 2018 and we had a thoughtful discussion about a couple of prominent cybersecurity training issues: bringing diversity into AI systems and closing the cybersecurity skills gap. But that’s a ways off, especially in cybersecurity. “I At this juncture there happens to be a shortage of cybersecurity talent.

Banking and Finance: Cybersecurity Challenges

Data Breach Today