Many security incidents that affect the nation's critical infrastructure go unnoticed due to a lack of sufficient detection or logging capabilities, according to a new report, which calls for enhanced monitoring and reporting of incidents.
A law firm has developed a free iPhone app, Data Breach 411, to help organizations with breach notification compliance. The app provides links to 46 state data breach notification laws, relevant federal statutes and other resources.
You'd think that preventing damage caused by cyber-attacks would be incentive enough to get organizations to adopt cybersecurity best practices. But the government is working with industry to develop incentives to encourage adoption.
A new guide from WEDI offers some basic tips for organizations assessing incidents under the HIPAA Omnibus breach notification rule. But it's important to address additional factors for effective beach assessment and response, two experts say.
Despite their differences on certain issues, the Financial Services Roundtable and the Retail Industry Leaders Association have joined forces in an effort to prevent breaches by enhancing cybersecurity and threat intelligence sharing.
Many endpoints in the healthcare sector, including medical devices, are being hacked because of inadequate security, according to a new study from the SANS Institute that identified apparent vulnerabilities at 375 organizations.
Forbes and Kickstarter have fallen victim to apparently unrelated cyber-attacks that have compromised user accounts. The companies are urging users to reset their passwords and monitor for any suspicious activity.
Merrill Halpern of the United Nations Federal Credit Union, a pioneer in the use of chip cards, says high-profile retail breaches reinforce the long-term value of EMV for various forms of payment within the U.S.
Healthcare organizations can take several key steps to help avoid the scrutiny of their state's attorney general and defend against possible class action lawsuits in the aftermath of data breaches, says privacy attorney David Navetta.
Now that the cybersecurity framework has been released, security experts are pondering whether the voluntary approach to following the guidance might eventually need to be replaced by some sort of mandate.