New Study Reveals Push to Electronic Medical Records Puts Patient Privacy at Risk | Reuters
70 Percent of Surveyed Hospital Security Professionals Say Senior Management Fail to Prioritize Privacy and Data Security
via New Study Reveals Push to Electronic Medical Records Puts Patient Privacy at Risk | Reuters.
Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet Most Organizations Still at Risk | Reuters
Less than half encrypt backup tapes, full disks and databases while nearly 20 percent said they would wait for a data breach before they encrypt tapes
via Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet [...]
Visa creates guidance for merchants wanting to encrypt #PCI
Visa on Monday released a best practices document for merchants considering adoption of end-to-end encryption, an emerging technology used to mask cardholder data from point-of-swipe through processing.
The guidance is meant to fill a temporary void until industry standards are established by the American National Standards Institute, Jennifer Fischer, senior business leader in Visa’s payment system [...]
Mixed PCI DSS compliance puts consumers at risk | 23 Sep 2009 | ComputerWeekly.com
Some 79% of US and multinational companies surveyed said they had lost credit card information, yet only 29% use PCI DSS as part of their security strategy.
Over half (55%) said they focus on protecting only credit card data and do not attempt to secure other sensitive customer information, the survey showed.
via Mixed PCI DSS compliance [...]
HHS guts health-care breach notification law, groups warn
However, in an interim final rule published late last month, the HHS introduced a new “harm threshold” for breach notification which critics say completely guts the original intent of the bill. Under the change, health-care entities will be required to publicly disclose breaches involving health-care data only if they think the breach will cause financial [...]
4 Ways to Get the Most from Your PCI QSAs – CSO Online – Security and Risk
In response to Heartland CEO Robert Carr’s claim that his qualified security assessors (QSAs) missed key weaknesses during a PCI security audit of his company, security experts offer tips to get the most from an assessment.
via 4 Ways to Get the Most from Your PCI [...]
CMS HIPAA Security Review: Encryption & Employee Background Checks Mandatory, MT Providers Next Under The Microscope?
The first batch of government reviews of covered entities (CEs) for compliance with the security rule revealed a host of deficiencies, ranging from failure to conduct even an initial risk assessment to inconsistent employee training, according to a summary of findings and recommended corrective actions recently released by CMS.
via The XY Files in an MT [...]
Skimming Prevention: Best Practices for Merchants #PCI
According to the “Skimming Prevention: Best Practices for Merchants” guidelines expected to be issued by the Payment Card Industry Security Standards Council Tuesday, even tiny cameras hidden in ceilings and charity boxes left on retail counters are being used to steal detailed customer payment data, including PIN numbers.
via How to minimize the risk of illicit [...]
ISACA to host IT security conference in Las Vegas
The role of the IT security professional has expanded from securing an enterprise’s information to also managing the associated risk. ISACA has responded by offering the new Information Security and Risk Management Conference, which combines the most timely material from two of ISACA’s well-regarded security-related conferences.
ISACA, a nonprofit association serving 86,000 IT governance professionals, will [...]
Is IT Risk Management Compatible With ERM?
But in spite of these warnings, my conversations with enterprise risk and IT risk professionals still reveal many disconnects, including that IT risks are not measured consistently with other enterprise risks. In addition, many IT risk professionals do not see their biggest risks showing up on the corporate risk register.
via The Forrester Blog For Security [...]




