Where is the data, who has access to it, and how is it being secured? These are among the top questions inherent in any third-party risk program. Cris Ewell, CISO of UW Medicine, shares insight from his experience managing vendor risk.
When it goes into effect in 2020, the California Consumer Privacy Act will give citizens of that state greater control over their personal data. Ginger Armbruster, the chief privacy officer for the city of Seattle, believes this trend toward greater personal privacy will spread across the U.S.
For years, security leaders focused primarily on malicious insiders - those who intend to do harm to an organization. But CISOs are increasingly concerned about the accidental insider. And Anne-Marie Scollay of Axiom Law has a program targeting this growing threat.
The California Consumer Privacy Act likely represents the start of a new era of privacy laws designed to protect personal data, says Kelsey Finch of the Future of Privacy Forum.
The traditional IAM strategy has been to tie individual users with a unique device. But that doesn't work in healthcare settings, where doctors and nurses often share multiple devices. Jigar Kadakia of Partners HealthCare talks about how he approaches this critical challenge.
Encouraged by the moves of medical device manufacturers, Jennings Aske, CISO of NY Presbyterian Hospital, says the "state of the union" of medical device security has improved dramatically. But what more is needed to mitigate risks?
Mark Bower of Egress Security offers timely insights on how healthcare organizations can mitigate insider threats, including focusing on generational differences in data use.
Healthcare information is a prime target for malicious attackers because it has a high value on the black market, says Amanda Rogerson of Duo Security, who calls for adoption of a "zero trust" model to boost security.
New York's Interfaith Medical Center is one of the first hospitals to fully implement a zero trust network security strategy. Chris Frenz, the hospital's CISO, explains why he adopted that approach and offers lessons learned from the transition.
The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks. Some researchers say the exploits could be tied to an Iranian-backed threat group.
Reducing risk is a tall order, but IBM's Christopher Bontempo says healthcare security leaders can get immediate and measurable results by concentrating on two aspects: data security and incident response.
More U.S. cities and other governmental units reportedly have been hit by ransomware in an unrelenting wave that has proved profitable for hackers. Here's a roundup of the latest incidents.
Threat intelligence programs have evolved greatly over the past decade. But Mario Vuksan, CEO of ReversingLabs, says too many organizations are overlooking the value of local intelligence embedded in their own networks. Vuksan talks about maximizing TI resources.
Sophos is the latest security firm to create a proof-of-concept exploit for the BlueKeep vulnerability in older versions of Windows. The company echoed several government agencies that have urged businesses to patch their devices.
Several unsecured Amazon S3 buckets belonging to IT services firm Attunity left at least 1 TB of data, including files from companies such as Netflix, TD Bank and Ford, exposed to the internet, UpGuard researchers disclosed. Although the databases have been secured, an investigation is continuing.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.