The struggle is real as DoD moves from DIACAP to RMF. System owners are challenged to adopt technology that can address the more dynamic controls required by RMF.
Learn how to get help from defense agencies to monitor and assess their systems for RMF compliance by automating the gathering, analysis and reporting of...
Orwell got it wrong: People are less likely to surrender their privacy to a totalitarian state than to the lure of sharing holiday snaps, cat videos or the route and time they took for their latest cycling, jogging or kiteboarding outing, as captured by a wearable fitness device.
The White House, fearing China is spying on phone calls, has suggested that the U.S. government take a primary role in marshaling the development of secure 5G networks. But would nationalizing 5G networks make them more secure?
Technology giants are still struggling to identify what's at risk from the Spectre and Meltdown flaws in modern CPUs, never mind getting working security updates into users' hands. In the meantime, expect a rush by researchers to find more flaws in microprocessor code.
Federal regulator's recently issued draft for a "trusted exchange framework" aimed at propelling nationwide, secure, interoperable, query-based health data exchange is a complex proposal that requires careful analysis, says David Kibbe, M.D., CEO of DirectTrust.
Federal regulators have clarified that the use of texting to place orders, such as for medications or tests, on any platform - secure or not - is not allowed when treating Medicare and Medicaid patients. Security experts weigh in on key issues to consider when using texting for other purposes.
As the healthcare sector implements a variety of new applications and increasingly moves to the cloud, it has a fresh opportunity to address security, says Daniel Bowden, CISO at Sentara Healthcare, who discusses best practices.
This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism.
Simulated attacks by an information security testing firm have found that fresh WannaCry, NotPetya and EternalRocks would still rip through many an enterprise network. Here's how organizations must respond.
Ira "Gus" Hunt, a security expert who was formerly CTO at the CIA, analyzes why many large healthcare provider organizations plan to boost cybersecurity spending in 2018 and discusses the role of emerging technologies.
Fraudsters recently ordered a total of nine iPhones and Samsung S8s from Sprint and Verizon with my personal details. With the internet awash in stolen personally identifiable information, are mobile operators doing enough to prevent fraudulent orders?
An assessment on whether North Korea is behind the WannaCry ransomware attacks leads the latest edition of the ISMG Security Report. Also, the co-author of NIST's revised Trustworthy Email special publication discusses changes in the guidance.
In an information technology environment where personnel are taking on increasingly complex responsibilities, the key to ensuring security is still awareness training, says former U.S. CISO Gregory Touhill, who says he'd put his last dollar on it.
What does the title National Protection and Programs Directorate mean to you? It's not so clear, unless you are familiar with the Department of Homeland Security's organizational chart. To clarify its mission, the House has voted to rename - and revamp - the DHS agency.