The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.
The latest ISMG Security Reports leads with a top DHS cybersecurity leader, Jeanette Manfra, providing a case study on how information sharing helped mitigate the WannaCry attack in the U.S. Also, the SEC mulls toughening its cyber risk reporting requirements.
Dr. Suzanne Schwartz of the FDA clears up some myths and misunderstandings about medical device security in an in-depth interview. She'll be a featured speaker at Information Security Media Group's Healthcare Security Summit, to be held Nov. 14-15 in New York.
A report on the head of Equifax contending that his company - not individual consumers - owns the personally identifiable information the credit reporting agency markets to lenders leads the latest version of the ISMG Security Report. Also, a preview of the ISMG Healthcare Security Summit.
The success of any security initiative comes down to one crucial element: an educated, engaged workforce. And that requires an effective security awareness program, says Mark Eggleston, chief information security and privacy officer at Health Partners Plans. But how can you tell if your program is working?
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
The global cybersecurity skills shortage is real, and it's deeply impacting organizations' abilities to implement and manage new technology tools, says Lee Fisher of Juniper Networks. But worse, it's also affecting how organizations assess their adversaries.
CISO Mitchell Parker of Indiana University Health says healthcare organizations that have focused on HIPAA compliance when crafting security and privacy policies need to be making plans to comply with the EU's GDPR if they handle Europeans' data. How will that influence decisions about data protection?
The ISMG Security Report leads with a discussion about the sale of compromised remote desktop protocol credentials for as little as $3 on darknet marketplaces. Also, grading the performance of DHS in sharing cyberthreat information.
The latest ISMG Security Report features highlights from the recent panel discussion at the ISMG Fraud and Breach Prevention Summit in London on preparation for the European Union's General Data Protection Regulation set to be enforced next May.
Jennings Aske, CISO of New York-Presbyterian, says the healthcare sector is still struggling to figure out medical device security and contends that federal regulations have not been helpful in making it a priority.
The latest edition of the ISMG Security Report leads with an analysis of a British parliamentary probe into the WannaCry ransomware attack on England's National Health Service. Also featured: a discussion of cyber threats posed by outdated industrial systems.
When it comes to warding off phishing attacks, too many organizations are reliant on internal awareness campaigns. But a more proactive defense and controls are needed, says John "Lex" Robinson of PhishMe.
Litigation attorney Patricia Carreiro offers an analysis of whether malpractice or cyber insurance coverage - or neither - would come into play if a patient was injured as a result of a cyberattack against a healthcare entity, including an assault targeting a medical device.
Medical device cybersecurity scrutiny usually focuses on potential patient safety issues. But vulnerabilities identified in a cardiac pacemaker programming device illustrate the risks also posed to patient data privacy, says Billy Rios, a researcher who discovered the problem.