Healthcare entities need to think more strategically about managing risk by implementing a robust cybersecurity framework such as the National Institute of Standards and Technology's CSF, said Bob Bastani, cybersecurity adviser at the Department of Health and Human Services.
The Department of Health and Human Services and the Health Sector Coordinating Council on Wednesday published an updated toolkit that aims to help healthcare entities align security programs with the National Institute of Standards and Technology's Cybersecurity Framework.
U.S. President Joe Biden signed into law the Quantum Computing Cybersecurity Preparedness Act, designed "to encourage the migration of federal government IT systems to quantum-resistant cryptography" by ensuring they prepare strategies now for implementing forthcoming cryptography standards.
Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action make any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
Achieving Zero Trust compliance can feel like an ever-growing to-do list as regulatory requirements are continuously updated, often difficult to understand, and even harder to implement. If you don’t know where to start, some of the most basic yet difficult challenges can include trying to monitor and measure the...
A White House agency today told U.S. federal government IT vendors they must attest to using secure software development techniques. Self-attestation "is a bit of a compliance activity, but it's a pretty light compliance activity," says former federal CISO Grant Schneider.
For Cloud Service Providers (CSPs), FedRAMP authorization is the key to accessing the enormous Federal market, tapping into new revenue streams, and making cloud service offerings available for agency adoption and expansion. However, the associated high costs, extensive timelines, and operational burdens can often be...
New draft guidance from the National Institute of Standards and Technology - if properly applied by HIPAA regulated entities - could help organizations avoid fines and similar enforcement actions by regulators in the wake of breaches, some experts say.
The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.
Identity experts urge the Biden administration to accelerate the deployment of mobile driver's licenses and ensure identity theft victims get direct assistance. These are among the four items experts say must be added to an upcoming executive order focused on preventing and detecting identity theft.
As cyber risks and attacks escalate, how can you protect your organization with a thoughtful governance, risk and compliance approach?
What roles do standards like GDPR, PCI and NIST play?
How can you manage the ever-increasing role of third parties, who are estimated to account for more than 60% of data...
On the cusp of 2022, John Kindervag - the father of the Zero Trust security model - reflects on how the Zero Trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?
Chinese threat actors may increasingly look to steal sensitive, encrypted data in hopes of decrypting it with quantum computing technology in the years ahead, according to a new report. Researchers say Chinese threat actors may target government, business and academic data with long-term value.
In preparation for the relaunch of ISMG’s education platform, CyberEd.io, Ron Ross of the National Institute of Standards and Technology and Brian Barnier, who is designing a course on critical thinking and design thinking, discuss the need for reorienting toward systems thinking in cybersecurity.