Threat actors are focusing a lot on Active Directory today as it is a path for them to reach an organisations key data & applications. The versatility of Active Directory makes it a crucial target for hackers. Organisations learn new ways on how to protect this valuable target and mitigate the risks. Organisations...
Modern software applications contain many complexities that challenge testing requirements and security teams. A variety of elements including custom/proprietary code, open source components, and application configuration pose challenges for independent verification and validation (IV&V) and audit and testing teams.
...
It's not news that the digital economy is changing all the rules for IT, which has to deliver the infrastructure and apps that business stakeholders demand. And they have to do it fast without compromising security. That's why it so important to have a modern data center.
Learn what defines a modern data center and...
Despite significant investments in common DLP and analytics technologies, breaches and theft of sensitive data continue to rise. This is because the data itself is only monitored, not protected. But what are the gaps in your current technology investments and how can they be filled?
To ensure data security and...
With the advent of technology in personal healthcare - internet connected glucose monitors, intravenous blood pressure monitoring, personal best friend emotional bots - a lot of highly sensitive data that's rampantly traversing the airwaves. The impact of this data getting in the wrong hands is just starting to be...
As of Q1 2018, the global cybersecurity community finds themselves inundated with both internal and external advanced threat actors who are stealthier, more resilient and sadly, more effective than they have ever been before. Many organizations are coming to terms with deciding whether their security posture is...
Manual processes cultivate a silo-based approach to compliance, risk management, and IT security, with individual groups or departments focused on specific risks or guidelines. Regulatory requirements, operational risks and cyber-threats are now entwined and more complex. This paper outlines six key areas in which...
Implementing clouds in heavily regulated environments is either unscalable and slow, because of legacy audit requirements and processes, or simply implemented without audit controls. While these may seem like acceptable risks, the 20 million euro minimum penalty under GDPR, and the threat of blanket ransomware...
As organizations migrate workloads to cloud computing, they benefit from flexibility and agility, but security operations grow increasingly difficult, especially when it comes to ensuring adherence to critical regulations, such as PCI-DSS, NERC or the EU's GDPR. Gaining the needed visibility into cloud environments...
The complexity of information technology and the constantly evolving threat landscape makes implementing appropriate controls and processes to secure information assets a major challenge for most enterprises in and out of government. The number of vulnerabilities organizations face is mindboggling: the National...
HHS has issued new health data privacy guidance and announced a contest to create an online "model privacy notice generator." Plus, it's issued a reminder about the importance of reviewing and securing audit logs to help prevent and detect breaches.
The threat landscape certainly has changed in recent years. But can you say the same about the traditional intrusion prevention system."The biggest problem with IPSs today is that organizations are trying to fight today's threats with yesterday's solutions," says Bertone, who serves as CTO of Fidelis Cybersecurity....
"How secure are we?" That's one of the most common questions asked by boards and senior managers. But security and technology leaders do not always have ready answers, says Jacob Olcott of BitSight Technologies. Are they even using the right security metrics?
In an interview about cybersecurity metrics, Olcott...
Federal regulators issued a report about weaknesses found in an audit of Premera Blue Cross' systems about a month before an attack by hackers against the health insurer apparently started. Could those weaknesses have opened the door to an attack?
Some experts are concerned that the Department of Health and Human Services' Office for Civil Rights isn't taking bold enough action in stepping up its efforts to enforce HIPAA. Learn more about their areas of concern.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing omnibus.healthcareinfosecurity.com, you agree to our use of cookies.