The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
Given the magnitude of sensitive information on Social Security Administration computers, the inspector general says, any loss of confidentiality, integrity or availability of systems or data could have a significant impact on the nation's economy.
Despite numerous data breaches, as well as financial incentives and penalties, many healthcare organizations aren't taking risk assessment requirements seriously. Experts offer insights on best practices.
Accelerated interest in mobile payments is paving the way for new revenue streams. But Javelin's Alphonse Pascual says mobile security products, not payments technology, will reap the most rewards for banks.
Incorporating new concepts such as security-control overlays and placing a renewed emphasis on information assurance, the forthcoming guidance is 'a total rewrite' from the 2009 version, NIST's Ron Ross says.
Gov. Nikki Haley realizes the potential political consequences of a breach, which explains why she held three press conferences on three consecutive days to address her administration's response to a computer breach of the state's tax IT system.