"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
Data protection officers are assuming a more strategic role that goes beyond ensuring compliance with laws and regulations, including GDPR, says Rob Masson, CEO of the DPO Center.
Proponents of the potential adoption of a national unique patient identifier had been hopeful that the Senate would follow the House's lead in lifting a 20-year ban on funding for federal regulators to work on development. But now they face two substantial hurdles.
Why did U.S. President Donald Trump discuss cybersecurity firm CrowdStrike with the president of Ukraine, saying "the server, they say Ukraine has it"? Experts say Trump appears to be referring to one or more conspiracy theories, none of which have a basis in reality.
The National Institute of Standards and Technology expects to release its much anticipated privacy framework by year's end. It's now accepting comments on the latest draft.
Europe's top court has ruled that Google does not have to remove links to sensitive personal data globally under the EU's "right to be forgotten" requirements, saying the requirement only applies in Europe.
The movement to lift the longstanding Congressional ban on federal regulators funding the development or adoption of a national unique patient identifier appears to have hit a roadblock. Here's an update.
The U.S. Justice Department has sued Edward Snowden over his new memoir, claiming that the former NSA contractor violated a nondisclosure agreement he signed when he worked for the government before becoming the world's best-known whistleblower. The suit seeks to collect all profits from the book.
A Minnesota county that originally reported last December that a hacking incident affected about 600 individuals now says about 118,000 may have had healthcare data exposed. What's behind the huge spike?
New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS.
Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
Because banks, fintech firms, merchants and payments processors in the EU have struggled to meet the Sept. 14 deadline for compliance with the new PSD2 "strong customer authentication" requirements for electronic payments, it may take a while for European consumers to notice authentication changes.
The Pentagon and the Department of Energy are pitching new or revised cybersecurity capability maturity models to help their sectors prioritize cybersecurity investments and refine processes and controls. But should they defer to the NIST Cybersecurity Framework instead?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.