Automated FISMA Reporting Tool Unveiled

The Office of Management and Budget this month unveiled an interactive collection tool called CyberScope that should help agencies fulfill their IT security reporting requirements under the Federal Information Security Management Act.
via Automated FISMA Reporting Tool Unveiled.

Agency Infosec Spend a Mystery to OMB

The White House Office of Management and Budget does not know how much its departments and agencies specifically spend on IT security, Federal CIO Vivek Kundra told a Senate panel Thursday.
Kundra said he was shocked to learn that the OMB never collected from agencies specific IT security expenditures, just aggregate data, when he took over [...]

DHS agencies don’t sustain info security programs, IG says — Federal Computer Week

Homeland Security Department agencies don’t sustain their information security programs year-round or perform continuous monitoring to maintain systems’ accreditations and action plans, according to DHS Inspector General Richard Skinner.
The IG’s findings come from an annual independent evaluation of the department’s information security programs required by the Federal Information Security Management Act (FISMA).
via DHS agencies don’t [...]

New Study Reveals Push to Electronic Medical Records Puts Patient Privacy at Risk | Reuters

70 Percent of Surveyed Hospital Security Professionals Say Senior Management Fails to Prioritize Privacy and Data Security
via New Study Reveals Push to Electronic Medical Records Puts Patient Privacy at Risk | Reuters.

AHIMA floats privacy ‘bill of rights’ for entities outside HIPAA

The American Health Information Management Association (AHIMA) is looking to bridge what it sees as a yawning gap in health privacy protections with a seven-point bill of rights it hopes will push the healthcare industry to a “major paradigm shift” in patient privacy practices.
There are many entities that operate outside of the Health Insurance Portability [...]

Express Scripts: 700,000 notified after extortion – Network World

Nearly one year after being hacked by computer extortionists, pharmacy benefits management company Express Scripts now says hundreds of thousands of members may have had their information breached because of the incident.
Last November, the company reported that someone had threatened to expose millions of customer prescription records, but it has come under criticism for being [...]

The Two Scenarios Coming From The PWC PCI Report

The consultants at PWC began with an analysis of 12 security technologies that emerged from 160 interviews with industry players, and then narrowed the list for their “deep dive” investigation to several that they concluded had the best potential to be automated, could be integrated with existing infrastructures and could have a meaningful potential impact [...]

OMB Unveils Automated FISMA Reporting System

Changes are coming to the way federal CIOs will report how their departments and agencies comply with the Federal Information Security Management Act, but the revisions have nothing to do with new ways to measure how secure government IT systems and networks are. Starting this fall, departments and agencies must use a new automated reporting [...]

Cybercriminals move up the stack — but so does data protection – SC Magazine US

Encryption and key management are effective weapons in the security arsenal for data in applications, databases and files. But as with any technology, issues arise that require vigilant oversight. The amount of information to potentially be encrypted and decrypted increases exponentially, leading to a corresponding encryption key management challenge.
via Cybercriminals move up the stack — [...]

FTC’s PHR Breach Rule = Confusion

The Federal Trade Commission has released a final rule requiring vendors of personal health records, and entities that offer third-party PHRs, to notify consumers when the security of their PHR data is breached. Despite efforts of the FTC and the Department of Health and Human Services to harmonize separate rules governing notification of breaches, the FTC rule [...]