In the constant struggle to manage the other five pillars - identify, protect, detect, respond and recover - security leaders often do not have governance at top of mind, said Netography CEO Martin Roesch, but he added, "Good governance is the root of having good security."
Security organizations in the APAC region need to adopt widely recognized frameworks consistently ensure digital trust and protect privacy, according to a panel of experts from the APAC region. Industry certifications are a good investment for improving security programs and business resilience.
Healthcare entities need to think more strategically about managing risk by implementing a robust cybersecurity framework such as the National Institute of Standards and Technology's CSF, said Bob Bastani, cybersecurity adviser at the Department of Health and Human Services.
The Department of Health and Human Services and the Health Sector Coordinating Council on Wednesday published an updated toolkit that aims to help healthcare entities align security programs with the National Institute of Standards and Technology's Cybersecurity Framework.
As data extends well beyond on-premises infrastructure into multi-cloud and hybrid cloud environments, IT and security teams are looking for ways to better manage the entire data lifecycle. A key piece of these efforts is to reduce risk without compromising user productivity.
A variety of technology and tools exists...
U.S. President Joe Biden signed into law the Quantum Computing Cybersecurity Preparedness Act, designed "to encourage the migration of federal government IT systems to quantum-resistant cryptography" by ensuring they prepare strategies now for implementing forthcoming cryptography standards.
Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
Achieving Zero Trust compliance can feel like an ever-growing to-do list as regulatory requirements are continuously updated, often difficult to understand, and even harder to implement. If you don’t know where to start, some of the most basic yet difficult challenges can include trying to monitor and measure the...
A White House agency today told U.S. federal government IT vendors they must attest to using secure software development techniques. Self-attestation "is a bit of a compliance activity, but it's a pretty light compliance activity," says former federal CISO Grant Schneider.
For Cloud Service Providers (CSPs), FedRAMP authorization is the key to accessing the enormous Federal market, tapping into new revenue streams, and making cloud service offerings available for agency adoption and expansion. However, the associated high costs, extensive timelines, and operational burdens can often be...
New draft guidance from the National Institute of Standards and Technology - if properly applied by HIPAA regulated entities - could help organizations avoid fines and similar enforcement actions by regulators in the wake of breaches, some experts say.
The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.
Identity experts urge the Biden administration to accelerate the deployment of mobile driver's licenses and ensure identity theft victims get direct assistance. These are among the four items experts say must be added to an upcoming executive order focused on preventing and detecting identity theft.
On the cusp of 2022, John Kindervag - the father of the Zero Trust security model - reflects on how the Zero Trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?