The latest version of the Trump administration's draft cybersecurity executive order would direct the federal government to take a risk-based approach to IT security and hold agency heads responsible for the security of their organizations' IT assets.
CA Technologies has announced plans to snap up application security testing vendor Veracode for $614 million cash, to offer SaaS-based application security testing. The move signals that secure coding - and agile-inflected DevOps - is hot. But will it come in time to secure the internet of things?
The U.S. government has opted to drop an indictment against a child pornography suspect rather than reveal the software exploit used to identify him. The case highlights how the use of legal hacking techniques by law enforcement agencies can create complications in court.
Federal prosecutors have filed criminal charges against 16 individuals who were allegedly part of a $60 million healthcare fraud case involving falsifying electronic health records of hospice patients. Do EHRs make it easier to commit - and investigate - healthcare fraud?
Leading the latest edition of the ISMG Security Report: The death of former White House Cybersecurity Coordinator Howard Schmidt, and a report on legislation to strengthen the influence of the National Institute of Standards and Technology on federal civilian agencies.
In the history of data breaches, Cloudflare's recent breach was strikingly unique, in that a software bug caused a random regurgitation of data from server memory. But a postmortem from CEO Matthew Prince should put most people's concerns to rest.
Vice President Mike Pence used a personal AOL email account while governor of Indiana to conduct official business, and his account was hacked. Live by the private email account, die by the private email account?
The Department of Health and Human Services is making progress in improving its information security practices, but it still has gaps that put sensitive data at risk for compromise, according to a new watchdog agency report. Experts say those same gaps are pervasive at many healthcare organizations.
Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches at the search giant found that the company's senior executives and legal team failed to properly comprehend or investigate the severity of the attacks.
A divided House committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework.
For any of the tens of thousands of organization that may be smarting from this week's Amazon Web Services and Simple Storage Solution (S3) outage, take the following advice to heart: "You must kill your darlings."
An attack on a database used by Emory Healthcare for patient appointments is the largest health data breach reported to federal regulators so far in 2017. The incident spotlights a persistent problem facing a growing number of organizations that use misconfigured MongoDB and other similar databases.
Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to show the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered - and likely amended - by a House committee.
Déjà vu "smart toy" information security fail: Spiral Toys, maker of internet-connected CloudPets, is under fire for exposing 821,000 user records online - now being ransomed - as well as links to 2.2 million parents' and children's voice recordings.