Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
Establishing an effective breach incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations and leaders implement such a program.
Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.
The Europay, MasterCard, Visa standard, commonly used in most global markets, is coming to the U.S. The sooner issuers, acquirers and merchants initiate migrations, the better, says Stephanie Ericksen, head of authentication product integration at Visa.
Notifying patients about a healthcare information breach requires a "difficult balancing act" by entities to ensure that risks are not exaggerated, says attorney Robert Belfort, an expert in HIPAA compliance, fraud and abuse.