Auditors have once again rated the Department of Health and Human Services' information security program as "not effective," citing several areas of weaknesses, including issues related to risk management, information security continuous monitoring and contingency planning.
Our security experts predict an action-packed year, and suggest you buckle your seatbelt. Get the latest on key trends, including:
Ransomware + supply chain = big new challenges.
Are cloud providers too ripe a target?
Threat intel is in for a makeover.
Most of what you need to know about security you’ve...
As the U.S. Congress continues to push for a strengthening of FISMA, lawmakers held a hearing with former government cybersecurity officials on Tuesday, all of whom expressed a need to update the law, last modified in 2014, and focus more on outcomes than on processes and compliance.
Complex IT ecosystems coupled with fragile security protocols leave companies vulnerable to security attacks. As companies move towards Zero Trust, microsegmentation solutions help protect against unknown exposures on the network. Organizations are continuously responding to changes in the cybersecurity landscape and...
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Most federal executive branch agencies in the U.S. now have vulnerability disclosure policies. John Jackson and Jackson Henry of the security research group Sakura Samurai say those policies ensure they don't get into legal trouble for helping improve cybersecurity.
John O'Driscoll is the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants. He's an expert in risk and audit, and that has subsequently lead to interesting conversations about who is accountable for risk and how to manage risk.
Threat actors are focusing a lot on Active Directory today as it is a path for them to reach an organisations key data & applications. The versatility of Active Directory makes it a crucial target for hackers. Organisations learn new ways on how to protect this valuable target and mitigate the risks. Organisations...
Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings.
Modern software applications contain many complexities that challenge testing requirements and security teams. A variety of elements including custom/proprietary code, open source components, and application configuration pose challenges for independent verification and validation (IV&V) and audit and testing teams.
Cybersecurity is a legitimate - and significant - business risk, and it's time to frame the topic appropriately, says Robert Hill, CEO of Cyturus. He shares insight on how to discuss cyber risk appropriately with C-level leadership and the board of directors.
It's not news that the digital economy is changing all the rules for IT, which has to deliver the infrastructure and apps that business stakeholders demand. And they have to do it fast without compromising security. That's why it so important to have a modern data center.
Learn what defines a modern data center and...
In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.
Despite significant investments in common DLP and analytics technologies, breaches and theft of sensitive data continue to rise. This is because the data itself is only monitored, not protected. But what are the gaps in your current technology investments and how can they be filled?
To ensure data security and...
What will be the impact of the leak of investigatory documents from FinCEN - the U.S. Treasury Department's Financial Crimes Enforcement Network? For starters, experts warn that FinCEN reports may reveal sensitive information tied to banks and law enforcement agencies' investigatory tools and tactics.