• View from the C-Suite

    July 06, 2017

    ONE RUNS MARATHONS. Another writes young adult sci-fi. Still another embraces efforts to end homelessness, and a fourth splices in college teaching while managing an eight-country digital asset portfolio. All arrived at the C-suite by divergent paths. Yet in frank conversations about the future of the job and trends for the information security field, some […]

    | InfoSecurity Professional Magazine

  • Eye on Atlanta: Larry Clinton, President, Internet Security Alliance: A Roadmap for Improving Cyber Preparedness

    July 05, 2017

    As company leaders have become better educated about the evolving nature of cyber threats, preparedness for addressing cyber risks has continued to improve. According to PwC’s The Global State of Information Security Survey 2017, 50% of organizations now share with and receive more actionable information from industry peers. Meanwhile, as corporate boards have become more […]

    | HMG Strategy

  • C-Suite: Cybersecurity is #1 Issue, ISA Report

    June 05, 2017

    SC Media Reports: It’s been a topic of discussion for some time: Cyber threats are serious risks to enterprises and it is the responsibility of the boards to provide oversight. The problem, according to a new blog post written by Stacey Barrack, senior director of the Internet Security Alliance (ISA), is that most of the team […]

    | SC Media

  • Brainstorming on Information Security Best Practices Highlights the 2017 Chicago CISO Executive Leadership Summit

    Chief Information Security Officers (CISOs) recognize that collaboration is key to cyber security resilience. Sharing best practices in intimate, executive roundtable working groups among peers on topics ranging from must have questions and strategies for the board of directors to securing connected devices and the Internet of Things (IoT) will be featured at the 2017 […]

    | Cellular News

  • Internet Security Alliance: NIST framework metrics should focus on threats

    June 01, 2017

    The National Institute of Standards and Technology should focus on developing an “analytical tool” enabling entities to assess cyber threats on a monetized basis, according to the president of the Internet Security Alliance, as NIST continues probing the use of NIST cybersecurity framework metrics. “The next step in the evolution of the NIST CSF shouldn’t […]

    | Inside Cybersecurity

  • How the Trump Budget Would Fund Cybersecurity

    May 24, 2017

    The Donald Trump administration, in its proposed fiscal year 2018 budget, outlines steps it contends would strengthen the U.S. federal government’s information systems, even as it would cut some cybersecurity spending at specific agencies. At the heart of the budget for the fiscal year that begins Oct. 1 is a proposal to spend $1.5 billion […]

    | Bank Info Security

  • Modernizing Government Technology Act Passes House

    May 18, 2017

    The House of Representatives has passed the Modernizing Government Technology Act, which supporters contend should help improve the security of the federal government’s information networks. The legislation passed May 17 on a voice vote and now goes to the Senate, where its prospects are uncertain. Should the bill become law, major agencies would create IT […]

    | Bank Info Security

  • Eye on Chicago: Going on the Offensive to Win the Cyber War

    May 15, 2017

    HMG Strategy Reports: Taking a defensive approach to cybersecurity isn’t working for keeping the bad guys out. The volume and level of sophistication with cyber attacks has continued to rise dramatically. In 2016, one-third of all businesses globally were breached, according to PwC. And while millions of attacks are being launched on a daily basis, […]

    | HMG Strategy

  • Assessing the Latest Draft Cybersecurity Executive Order

    May 06, 2017

    The latest draft version of the Trump administration’s cybersecurity executive order is similar to the previous version and lays out a plan to secure U.S. federal government and critical infrastructure IT that could have come out of the Barack Obama White House, including modernizing federal IT. “The fact that they are focusing on IT modernization […]

    | Bank Info Security

  • NIST work on framework update quietly proceeds amid hubbub over Trump cyber agenda

    May 01, 2017

    The National Institute of Standards and Technology is diligently reviewing the nearly 130 comments from industry and other groups on a draft update to the framework of cybersecurity standards, as it prepares an analysis of that input in advance of a highly anticipated public meeting this month. That meeting will likely set the course and […]

    | Inside Cybersecurity

  • Industry raises concerns with NIST approach to supply-chain risks in cyber framework update

    April 26, 2017

    Industry groups across sectors are raising concerns with various aspects of the National Institute of Standards and Technology’s approach to managing supply-chain risks in a proposed update to the voluntary framework of cybersecurity standards. Specifically, groups say the NIST plan fails to take into account the interconnectedness of vendor services and downplays the potential effect […]

    | Inside Cybersecurity

  • Congress returns, but the real cybersecurity action is taking place off the Hill

    April 24, 2017

    Lawmakers return to Capitol Hill this week with a few cybersecurity items on the agenda for the upcoming legislative work period, while the most significant efforts in the coming months may be taking place at the White House and at the National Institute of Standards and Technology’s campus in suburban Maryland. “On the congressional front, […]

    | Washington Examiner

  • Business lobby pushes back on NIST Framework measurement plans

    April 13, 2017

    Business lobbying groups are pushing back on plans by federal scientists to add third-party measurement of cybersecurity to a voluntary framework designed to help private companies improve their defenses against hackers, cybercriminals and online spies. A draft proposed revision of the National Institute of Standards and Technology’s Cybersecurity Framework, to be known as version 1.1, […]

    | Cyberscoop

  • Internet Security Alliance: Framework metrics would help businesses prioritize efforts

    April 12, 2017

    The Internet Security Alliance is calling for metrics that allow businesses to prioritize their cybersecurity efforts based on the National Institute of Standards and Technology cybersecurity framework, while stressing the need for NIST and other agencies to continue promoting the voluntary, public-private partnership approach to cybersecurity. The comments come in response to a request for […]

    | Inside Cybersecurity

  • Metrics abound, but who should be required to measure cyber effectiveness remains a key question

    March 13, 2017

    The government has suggested many ways to use metrics to measure the effectiveness of cybersecurity investments, but who should be using these measurement tools – and whether doing so should be required – remain open questions that will affect the scope and movement of these plans. Industry remains somewhat divided on the role of metrics, […]

    | Inside Cybersecurity

  • Latest Executive Order Draft Promotes Risk-Based Approach

    March 08, 2017

    The latest version of the draft of a cybersecurity executive order from the Donald Trump White House would direct the federal government to take a risk-based approach to IT security and hold cabinet secretaries and agency heads responsible for the security of their organizations’ IT assets. The draft executive order also would require federal agencies […]

    | Bank Info Security

  • House bill requiring cyber audits by NIST could overhaul agency’s role

    March 02, 2017

    Having the National Institute of Standards and Technology audit other federal agencies’ cybersecurity practices is not a matter of NIST “stepping up” its game, as House Science Chairman Lamar Smith (R-TX) said this week – rather it would be a matter of dramatically redefining NIST’s role and relationship with other federal entities. The Science panel’s […]

    | Inside Cybersecurity

  • Bill Seeks Metrics for NIST Cybersecurity Framework

    February 28, 2017

    Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to demonstrate the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered – and likely amended – at a markup session of the House Science, Space and Technology Committee on March 1. The measure, known as the NIST Cybersecurity […]

    | Bank Info Security

  • Cyber Risk Management Guidance for Corporate Directors

    February 24, 2017

    Cyber risk management is an increasingly important challenge for organizations of all kinds and sizes. Corporate directors have a legal responsibility to ensure that their corporations have appropriate cyber risk management policies and practices and are prepared to respond effectively to cyber incidents. Corporate directors can obtain helpful guidance from regulators, industry associations and other […]

    | Lexology

  • Five Principles for Stronger Board Oversight of Cybersecurity

    February 17, 2017

    One of the most important jobs of the board is to challenge management and test their assumptions about strategy, the competitive environment, and associated risks and opportunities. Many directors would say that they are most passionate about this part of their role, and in today’s business environment it has never been more critical. Cybersecurity is […]

    | Brink News

  • IT Security Employment Soars to Record High

    January 18, 2017

    The number of people employed in the United States as information security analysts reached a record high in 2016, according to uncirculated employment data provided by the U.S. Labor Department’s Bureau of Labor Statistics. Based on the same household survey used to determine the monthly unemployment rate, BLS reports that 89,000 individuals last year were […]

    | Gov Info Security

  • Updated cyber ‘handbook’ for business leaders examines changing legal, threat landscape

    January 13, 2017

    The updated “Cyber-Risk Oversight” handbook for corporate directors released Thursday examines new legal and regulatory requirements and challenges faced by business, as well as the evolving and growing threat of cyber attacks. “The legal and regulatory landscape with respect to cybersecurity, including required disclosures, privacy and data protection, information-sharing, infrastructure protection, and more, is complex […]

    | Inside Cybersecurity

  • Boards of directors, managers at center of cybersecurity handbook for industry

    January 12, 2017

    The server room might be an obvious choice for a starting point when it comes to protecting your company’s cyber networks, but the National Association of Corporate Directors says the best place to begin is in the board room. The newest edition of the NACD’s Cyber-Risk Oversight handbook, released Jan. 12, advises private sector managers […]

    | Federal News Radio

  • Why risk management is critical in cybersecurity

    If you’re a federal cyber official, the advice in a newly revised handbook on corporate cybersecurity might sound familiar. The new National Association of Corporate Directors’ cybersecurity handbook says cybersecurity is a risk management issue, not an IT matter. The language echoes what top federal agency IT managers and cybersecurity officials have been saying about […]

    | FCW

  • Former DHS head urges Trump to see economic dangers from cyberattacks

    January 10, 2017

    Last week’s U.S. intelligence report tracing Russia’s cyber-meddling with the 2016 presidential election is a timely reminder of the cybersecurity risks that the government and private companies face, said Tom Ridge, the nation’s first secretary of Homeland Security. “President-elect Trump is entering into a world fraught with hazards as never before,” Ridge said in a […]

    | CIO

  • Farms Big and Small Prime Targets for Cyber Attacks

    April 18, 2016

    Public News Service Reports:  Officials from the FBI and the Justice Department held a roundtable recently at Iowa State University, emphasizing the seriousness of cyber attacks for a surprising target – the agriculture industry. It’s a subject familiar to Larry Clinton, president of Internet Security Alliance, an information security think tank. He says many of […]

    | Public News Service

  • Trump Leading The Democratic Candidate

    March 02, 2016

    PRESS RELEASE March 1, 2016 – Washington, DC TRUMP THE LEADING dEMOCRATIC CANDIDATE That’s democratic with a small d. The most under-reported story of Super Tuesday is certainly not that Donald Trump has seized hold of the GOP nominating process or the Party’s internal revolt — that story has been beaten to death. It is […]

  • Leading Figures in Cybersecurity and Privacy Advocate for an End to the War Between Privacy and Security

    February 22, 2016

    PR Newswire Reports: The ‘Digital Equilibrium Project’ works to bring differing views together in pursuit of a digital constitution to support a safer world for individuals, organizations and nations.  Cybersecurity, government and privacy experts are banding together as part of The ‘Digital Equilibrium Project’ to foster a new, productive dialogue on balancing security and privacy […]

    | PR Newswire

  • Obama Creating Federal CISO Post

    February 09, 2016

    Bank Info Security Reports:  President Obama is creating the position of federal chief information security officer as part of a multifaceted initiative aimed at strengthening the nation’s IT security. Related steps include the formation of a public-private Commission on Enhancing National Cybersecurity, as well as a proposal to boost government cybersecurity spending next fiscal year […]

    | Bank Info Security

  • Cybersecurity underfunded, industry tells congress

    January 12, 2016

    GCN Reports:  Agency IT managers who believe they do not have the resources to adequately fight cybersecurity threats got some backing from industry experts who voiced the same concerns to Congress.  At a Jan. 8 hearing held by two subcommittees of the House Science, Space and Technology Committee, Larry Clinton, president and CEO of the […]

    | GCN

  • Schooling Uncle Sam

    January 08, 2016

    Politico Reports:  Here’s the cybersecurity three-step the federal government should be doing: Spend more on cyber, implement tougher cybersecurity policies and demand that senior officials pay more attention to the issue. Those are the first three of 10 recommendations Larry Clinton, president of the Internet Security Alliance, an industry group, plans to share with two […]

    | Politico

  • America is losing the ‘Cyber Arms Race’

    The Daily Caller Reports: The federal government is falling behind in a “cyber arms race,” putting millions of taxpayers’ personal information at risk, digital security experts told a joint hearing of two congressional subcommittees Friday. Hackers ranging from hacktivists to state-sponsored attackers will continue threatening the federal government’s digital networks to steal personal information and state […]

    | The Daily Caller

  • Congress Set to Enact Cyberthreat Information-Sharing Law

    December 17, 2015

    GovInfoSecurity Reports: After years of failing to enact cyberthreat information-sharing legislation, Congress is poised to vote on a measure this week that would incentivize businesses to voluntarily share threat data with the federal government and with one another. The legislation, added to a 2,009-page omnibus $1.1 trillion spending bill, also would establish a process for […]

    | GovInfoSecurity

  • Internet Security Alliance president outlines cyber partnership best practices

    December 10, 2015

    Inside Cybersecurity Reports: A new study by Internet Security Alliance president Larry Clinton outlines 10 best practices for government-industry partnerships on cybersecurity, ISA announced Wednesday. The new study highlights work from a research program led by Clinton and the Department of Homeland Security and lays out best practices endorsed by the Partnership for Critical Infrastructure […]

    | Inside Cybersecurity

  • Industry wary of power grab by feds on cybersecurity

    December 07, 2015

    Washington Examiner Reports: The National Institute of Standards and Technology is launching a new initiative designed to energize industry-led efforts on cybersecurity amid concerns that federal and state regulators are increasingly eager to put their stamp on the issue. NIST, the highly esteemed agency headquartered in Gaithersburg, Md., is releasing a “request for information” about […]

    | Washington Examiner

  • Prospect of regulation hovers over cyber policy landscape

    SC Magazine Reports: As 2015 nears an end, the industry-led, standards-driven strategy on cybersecurity remains a potent policy force, while signs – and fears – of a more prescriptive regulatory approach pop up across the cyber landscape. The National Institute of Standards and Technology is pursuing ways of keeping the voluntary approach vibrant and viable, […]

    | SC Magazine

  • NIST process could help address cyber reg concerns in finance sector

    December 03, 2015

    Inside Cybersecurity Reports: Financial sector representatives are looking to an upcoming “request for information” on the federal framework of cybersecurity standards as a way to revitalize the voluntary, industry-led approach to cyber – and to head off conflicting regulatory moves. The National Institute of Standards and Technology is expected in the coming days to release […]

    | Inside Cybersecurity

  • ISA’s Clinton: Failure to implement executive order spurs regulatory push

    December 02, 2015

    Inside Cybersecurity Reports: Incomplete efforts to implement President Obama’s “visionary” 2013 executive order on cybersecurity have created a policy vacuum that some federal and state officials are moving to fill with regulations, according to Internet Security Alliance president Larry Clinton. Representatives from 27 industry groups attended a meeting on Monday with officials from the National […]

    | Inside Cybersecurity

  • Cyber security bill passes Senate muster

    November 18, 2015

    BusinessInsurance.com Reports: Passage of long-awaited cyber security legislation will be a limited but still-useful tool that encourages businesses and the government to share data by providing liability protection. However, experts are divided on the legislation’s ultimate effect on rates for cyber insurance. In a 74-21 vote in late October, the U.S. Senate approved The Cybersecurity […]

    | BusinessInsurance.com

  • DHS insurance report could inform development of cyber info-sharing standards

    October 08, 2015

    Inside Cybersecurity Reports: A federal report that proposes hacked companies share specific kinds of cyber incident data in a private-sector repository to help expand the nascent insurance market is drawing early praise from industry stakeholders tracking the development of cybersecurity information-sharing standards. The assessment – produced by a Department of Homeland Security advisory panel and […]

    | Inside Cybersecurity

  • Appetites for more: Government actions

    October 01, 2015

    SC Magazine Reports: Cybersecurity is a technical challenge. But it also usually has a legal and regulatory aspect as well. Obviously, there is the legal framework under which organizations operate and under which cybercrimes are defined and, sometimes, prosecuted. Then, of course there are the complex interactions between government […]

  • Appliance takeover?: Internet of Things

    SC Magazine Reports: Had the recently departed filmmaker Wes Craven lived just a few years longer, the Internet of Things (IoT) might have provided him with the perfect fodder for one of his horror classics. After all, it has all the potential to be the stuff that nightmares – or an episode of Phineas […]

    | SC Magazine Reports

  • DHS selection for info-share standards role praised, questioned

    September 04, 2015

    Inside Cybersecurity Reports: The Department of Homeland Security is earning praise for its decision to select a university as the standards-setting body for new cyber information-sharing entities, as some stakeholders say the function can best be delivered in a research and academic setting. But other stakeholders from industry groups and the info-sharing community said they […]

    | Inside Cybersecurity

  • DHS nears pivotal decision on standards body for new info-sharing entities

    August 10, 2015

    Inside Cybersecurity Reports: President Obama’s push to broaden the sharing of cyber threat data both within the private sector and between government and industry by urging companies and industries to establish new cybersecurity information-sharing hubs will soon reach a pivotal decision point when the Department of Homeland Security awards a key federal grant….

    | Inside Cybersecurity

  • DHS Workshop Marks Key Phase of Obama’s Cyber Information Sharing Push

    July 27, 2015

    Inside Cybersecurity Reports: The Department of Homeland Security will convene a workshop in Silicon Valley this week to make headway on implementing President Obama’s executive order on improving the exchange of cyber threat data between government and industry, an effort that faces significant obstacles but has captured the interest of key private-sector stakeholders. The July […]

    | Inside Cybersecurity

  • ISA’s Clinton on List Of 100 Most Influential In Corporate Governance

    July 21, 2015

    Dark Reading Reports: The Internet Security Alliance (ISA) is proud to announce that its President and CEO, Larry Clinton, has been named to the “Corporate 100” which identifies the nation’s 100 most influential people in the field of corporate governance. Joining Clinton on the list are a wide range of luminaries including the 5 current […]

    | Dark Reading

  • Evolving Threat Landscape Demands Executives Understand Cyber Risk

    July 03, 2015

    Today.US Reports: In the wake of a number of recent high-profile, damaging cyberattacks—including the recent breach of the Office of Personnel Management, which compromised the sensitive information of millions of federal employees—executives and board members are gradually becoming aware of today’s cyber threats and the potentially devastating impact these can have on their organizations. However, […]

    | Today.US

  • Concerns over cyber security reach corporate boardrooms of Michigan manufacturers

    June 21, 2015

    MiBiz Reports: Manufacturing executives in West Michigan and nationwide worry that their computer networks could fall victim to security breaches similar to those that have plagued the retail sector in recent months. As industry extends its global reach and has come to rely more on digital data, cyber criminals have likewise become more innovative, adopting […]

    | MiBiz

  • ISA Featured on PBS, FOX Business, NYT, WSJ, CBS, CNN International, MSNBC, C-SPAN, CNBC & Other Media Outlets

    June 12, 2014

    As the issue of cyber security grows increasingly more salient, ISA has been featured in a number of high-profile print and television appearances over the past several years. Topics of discussion have ranged from hot-button issues of the day to long-standing policy implications. Some of these media appearances include USA Today, the PBS News […]

  • Bill Would Have Businesses Foot Cost of Cyberwar

    May 08, 2012

    By Tom Gjelten (National Public Radio (NPR) – Morning Edition) Business executives and national security leaders are of one mind over the need to improve the security of the computers that control the U.S. power grid, the financial system, water treatment facilities and other elements of critical U.S. infrastructure. But they divide over the question of […]

  • Mitigating PHI Danger In The Cloud

    May 02, 2012

    By Rick Kam For all of its benefits, cloud computing poses very real dangers to covered entities responsible for safeguarding protected health information (PHI). The cloud model, which the IT industry has been embracing for its up-front cost savings and efficiencies for years now, is more recently being recognized by the healthcare realm for its potential […]

  • Cybersecurity Bill Passes, Obama Threatens Veto

    April 27, 2012

    The Cyber Intelligence Sharing and Protection Act, which has been revised several times over the past week, allows the government and private companies to share information with one another with the aim of warding off cyber threats.

    | CNN

  • Cybersecurity Bill Passes, Obama Threatens Veto

    By David Goldman (CNN) NEW YORK (CNNMoney) — The House of Representatives, as expected, approved a controversial cybersecurity bill late Thursday, staring down a veto threat. But the fight to protect the United States from a cataclysmic cyber attack is far from over. The Cyber Intelligence Sharing and Protection Act, which has been revised several times over the past week, […]

  • Group Calls For Public-Private Alliance To Protect Cyberspace

    April 17, 2012

    By Andrew Feinberg (The Hill) As Congress turns its focus to cybersecurity matters, 26 major business and trade associations are seeking to remind lawmakers that cyberspace is “a bulwark of the global economy.” The group sent a letter Tuesday to House Speaker John Boehner (R-Ohio) and Minority Leader Nancy Pelosi (D-Calif.) urging action to protect “the […]

  • Militarisation of cyberspace: how the global power struggle moved online

    April 16, 2012

    Rise of cyber-attacks on critical infrastructure on both sides of Atlantic calls for creation of cyberweapons and new rules for use

    | The Guardian

  • MILITARISATION OF CYBERSPACE: How The Global Power Struggle Moved Online

    Rise of cyber-attacks on critical infrastructure on both sides of Atlantic calls for creation of cyberweapons and new rules for use By Nick Hopkins (The Guardian) Jonathan Millican is a first-year university student from Harrogate in North Yorkshire. He says he doesn’t think of himself as a “stereotypical geek”, but having been crowned champion in […]

  • Data Breaches Of Small Business, Including Doctor Offices, On The Rise

    April 05, 2012

    A report says cyber criminals are seeking what they consider easy targets. By Pamela Lewis Dolan Small organizations, including physician practices, represented the largest number of data breaches in 2011, according to Verizon’s annual Data Breach Investigations Report. The report examined 855 breaches across the globe that accounted for 174 million compromised records in 2011. […]

  • Debriefing The PHI Report: Determining The True Cost Of A Data Breach

    March 23, 2012

    By Jenny Laurello This week I had the chance to listen to a webinar highlighting the recently released report on The Financial Impact of Breached Protected Health Information. Released on March 5, the “PHI Report” has already been downloaded by more than 1,700 users, with its goal being […]

  • March 21 Free Webinar to Highlight Finding From The Financial Impact of Breached Protected Health Information

    March 21, 2012

    NEW YORK, — On Wednesday, March 21, 2012, at 2:00 p.m. ET, the American National Standards Institute (ANSI), The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA) will host a free webinar to help health care organizations assess security risks and help them build a business case to better […]

  • Cybersecurity Bill Faces Uncertain Future In Fight Over Regulation

    March 19, 2012

    By Gerry Smith (Huffington Post) WASHINGTON — It is a scenario that many officials in Washington say keeps them awake at night: a cyberattack against critical infrastructure. Many lawmakers believe the nation’s vital computer networks are vulnerable to such an event, which they say could lead to the collapse of the banking system, sustained blackouts or […]

  • BlueCross BlueShield of Tennessee Fined $1.5 Million

    By Integracon The Department of Health and Human Services is fining BlueCross BlueShield of Tennessee $1.5 million for the 2009 loss of 57 hard drives that contained unencrypted protected health information (PHI). In addition to the fine, the agency must submit to a 450-day corrective action plan.[1] In 2009, 57 hard drives were stolen from […]

  • New Report Highlights The Costs of Document Security Breaches for Healthcare Providers

    The American National Standards Institute has released a report emphasizing the business incentives for healthcare providers to improve their IT security, and the potential costs of failures to increase security protocols. The report notes that the healthcare industry’s move toward fully adopting electronic health records increases the opportunities for protected health information (PHI) to be […]

  • Healthcare Security Pros Need To Speak The Language Of Finance

    Experts say PHI protectors can’t pay for data protection because they don’t know how to make the business case for it. As the number of healthcare data breaches continues to snowball, executives put in charge of safeguarding protected health information (PHI) can’t keep up with the risks inherent with increased deployment of electronic health records […]

  • ANSI Releases Business Case For Safeguarding PHI Data

    March 16, 2012

    The American National Standards Institute (ANSI) has released a report on protected health information (PHI) security, namely, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, which offers a novel means of evaluating PHI at risk. The report would enable healthcare providers to conceive a business case for the investment […]

  • Nobody Cares About HIPAA

    March 15, 2012

    Compliance in many organizations is seen as only a costly inconvenience By Glenn S. Phillips Sometimes clarity comes out of the blue, including clarity about compliance issues. Recently I was meeting with friend and business associate Ben Drake. His company works with networking and data protection technology for a number of businesses. I mentioned how some organizations […]

  • FREE WEBINAR: How To Calculate The Cost Of A Data Breach And What To Do About It

    March 14, 2012

    Clearwater Compliance, a prominent HIPAA-HITECH compliance consultancy and software provider, announced today another upcoming free webinar entitled “How to Calculate the Cost of a Data Breach and What to Do About It.” Based on the new report recently published by ANSI and co-sponsored by Clearwater entitled “The Financial Impact of Breached Protected Health Information: A […]

  • 5 Things CIOs Need To Know About Funding The Protections Of PHI

    By Michelle McNickle With groups recently banding together to demand a tightening of security for protected health information, looking at the financial side of a breach has been put front and center. But according to Rick Kam, president and cofounder of ID Experts, there’s an aspect of protecting PHI that’s “not getting picked up,” and is […]

  • Data Theft Costs Tennessee Blue Cross Big Bucks

    Blue Cross Blue Shield of Tennessee agrees to pay $1.5 million to settle case involving theft of 57 unencrypted hard drives that contained protected health information. By Nicole Lewis Blue Cross Blue Shield of Tennessee (BCBST) will have to fork over $1.5 million to the U.S. Department of Health and Human Services (HHS) to settle potential […]

  • How To Calculate The Cost Of A Hospital Data Breach

    March 13, 2012

    By Ron Shinkman Although hospital operators know that a data breach can lead to significant consequences–lawsuits, loss of business and reputation–a new report by the American National Standards Institute (ANSI) can help them place a specific price tag on such mishaps. The report released last week includes a section on what it refers to as “PHIve”–a five-step process […]

  • 5 Best Practices for HIPAA Security

    March 12, 2012

    By Michelle McNickle The risk of protected health information being breached has grown dramatically within the past few years, and to combat the threat, the HIPAA Security Rule was created to provide organizations with administrative, physical, and technical guidelines to safeguard their electronic PHI. “The guidelines underscore a higher goal of the HIPAA Security Rule: helping […]

  • The Benefits And Limitations of Cyberinsurance

    March 09, 2012

    By Risk Management Magazine The Information Age. The Digital Age. The Computer Age. Whichever name you use, we’re in an era where many companies’ most valuable asset is information, from consumer buying habits to patient diagnoses to scientific data. At the same time, this asset also comes with a burden: companies are responsible for safeguarding the […]

  • OCR “Chomping On The Bit” To Audit Business Associates For HIPAA Hi-Tech Compliance

    By Jack Anderson CEO Compliance Helper Here is a quote from Rebecca Herold, CIPP, CISSP, CISM, FLMI, in the February 2010 edition of Compliance Today: “CEs are now accountable for more active validation of BA security and privacy program compliance, beyond just having a BA contract in place. It is more important than ever for […]

  • Data Breaches Put Patients At Risk For Identity Theft

    By: Robin Erb DETROIT – Walk into a doctor’s office and chances are that some of your most private information — from your Social Security number to the details of your last cervical exam and your family’s cancer history — is stored electronically. Your doctor might […]

  • New ANSI Report Calls For Enhanced Security To Safeguard Protected Health Information

    Report is a call to action for healthcare to invest more to protect patient information By Don Bailey Washington, DC, March 5, 2012: With the release today of The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, health care organizations now have […]

  • OR: Portland Psychiatrist Alerting Patients Personal Information Stolen

    By Dissent Nick Budnick reports: A Northwest Portland psychiatrist is putting out public notice that personal information of 480 current and former patients on a laptop was stolen from his office. A burglar broke into Dr. David Turner’s office last October, stealing the laptop and other items. Turner is now seeking current and former patients to […]

  • New Report Calls For Enhanced Security To Safeguard Protected Health Insurance

    By Steve Campbell With the release of the recent The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, health care organizations now have a new method to evaluate the “at risk” value of protected health information (PHI) that will enable them to make a business case for appropriate investments to better […]

  • Report Offers PHI Security Guidance, Metrics for Breach Cost Analysis

    March 08, 2012

    By Brian Eastwood Since 2009, the number of Americans affected by data breaches caused by lax protection of health information (PHI) security stands at more than 19 million — roughly the population of the state of Florida.

  • Financial Impact Of Breached Protected Health Information Report Helps IT Pros Make The Business Case For Patient Data Protection

    By Ericka Chickowski As the number of healthcare data breaches continues to snowball, executives put in charge of safeguarding protected health information (PHI) can’t keep up with the risks inherent with increased deployment of electronic health records (EHRs) without enough financial backing to get the job done. And the only way that these PHI protectors can […]

  • PHI Project Release Report About Health Care Data Security

    On Monday, the PHI Project released a report about the state of data security within health care organizations titled, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.” Key findings: Weak Data Security: health care organizations are entrusted with safeguarding patient privacy, […]

  • Security Experts At A Loss For Words

    March 07, 2012

    By Abraham No it is not your imagination. Security breaches are on the rise, particularly in healthcare. This is due to the fact that modern techniques are making more healthcare records available in electronic format. While this does wonders for efficiency and potential more accurate diagnosis and faster treatment […]

  • ANSI Publishes Report On Security Breaches

    By AuntMinnie.com Staff Writers The Identity Theft Prevention and Identity Management Standards Panel of the American National Standards Institute (ANSI) has published a 67-page report about the need for healthcare organizations to protect patient information from data breaches. The “Financial Impact of Breached Health Information” discusses the financial, legal, operational, clinical, and other repercussions of […]

  • Healthcare Security Pros Need To Speak The Language of Finance

    Experts say PHI protectors can’t pay for data protection because they don’t know how to make the business case for it By Ericka Chickowski, Contributing Writer, Dark Reading As the number of healthcare data breaches continues to snowball, executives put in charge of safeguarding protected health information (PHI) can’t keep up with the risks inherent […]

  • Rallying Support For Security Investments

    New Method for Quantifying Breach Costs, Justifying Spending By Howard Anderson Because winning the support of CEOs for any new project requires demonstrating a return on investment, information security professionals need to more precisely quantify the potential payoff of their suggested spending on technologies and training, according to a new report. Security specialists need help “putting […]

  • Healthcare Industry CIOs, CSOs Must Improve Security

    March 06, 2012

    By Thor Olavsrud Given that stolen medical records can bring $50 apiece on the underground market, the frequency and magnitude of data breaches involving electronic health records is increasing. In an effort to help CIOs and CSOs build a better business case for enhancing security, a group of standards and security organizations have issued a new […]

  • ANSI: Know The Impact Of A Breach Before It Occurs

    As adoption rates rise, health IT makes protected health information (PHI) available to more organizations and entities, increasing the likelihood of data being improperly disclosed, lost or stolen. Despite the risks and costs of a potential data breach, many healthcare executives aren’t doing enough to support their organizations’ […]

  • REPORT: Securing Protect Health Information ‘Not Always A Top Priority’

    By Renee Boucher Ferguson A comprehensive new report released this week, outlines the fragile state of patient information security, offering up a five-step methodology to help healthcare CIOs and CEOs determine the right level of investment in technology, processes and policy to better protect patient information. In the report, three organizations–the American National Standards Institute (ANSI), The Santa […]

  • New Report Calls For Enhanced Security To Safeguard Protected Health Information

    5-Step Method Provides Health Care Organizations with Tool to Estimate the Overall Potential Costs of a Data Breach ANSI, The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance to Host Congressional Briefing Today; White House Cybersecurity Coordinator Howard Schmidt to Speak at Press Conference […]

  • Tightened Cyber Security Required For Digital Healthcare Adoption

    By Kris The U.S. government is encouraging healthcare organisations to utilise electronic healthcare records. However this will mean much more is required to be spent on Cyber Security. As “no organisation can afford to ignore the potential consequences of a data breach,” according to the American National Standards Institute. […]

  • VERIZON: Outside Threats Dominate Data Breaches

    By: Simply Security Outside attacks were most responsible for data breaches in 2011. Verizon Business recently released some of the results of its 2012 Data Breach Investigations Report, which took into account around 90 of the 855 global breaches the company tracked last year. Among the most glaring results […]

  • Quantifying The Financial Risk Of Privacy Breach

    March 05, 2012

    How much should a company handling Protected Health Information (PHI) spend to protect itself from a data breach? Businesses typically use quantitative methods such as Net Present Value, Internal Rate of Return and Payback Period to make investment decisions. But investments to prevent breaches of PHI have until now relied on compliance arguments and subjective judgments. […]

  • Standards Body Releases E-Health Hack Calculator

    By Aliya Sternstein Faced with the reality that health care data breach legislation is unlikely to emerge, the American National Standards Institute on Monday set forth a financial reason for providers to protect their patients’ online privacy. The cost of patient data losses during the past year ranged between […]

  • Study Blames Digital Health Data Breaches on Lack of Funding, Support

    By Chris Strohm WASHINGTON — Insufficient funding and lack of executive support are mainly responsible for security breaches involving patients’ electronic health records, a study found. Executives at health-care companies and providers must improve cost assessments to include payments from class-action lawsuits, said the report released Monday by the nonprofit American National Standards Institute. Its members […]

  • 5 Steps To Estimate Potential Costs Of A Data Breach

    By Kathleen Roney The American National Standards Institute, The Santa Fe Group/Shared Assessments Program Healthcare Working Group and the Internet Security Alliance have announced a collaborative report which provides information for healthcare organizations to better understand and limit data breach risks and liabilities. According to the report, healthcare organizations […]

  • Report Urges Health Care To Assess Financial Impact Of Data Breaches

    By Brian T. Horowitz As the Obama administration provides incentives for meaningful use of electronic health records (EHRs), efforts by the health care industry to secure patient data, or protected health information (PHI), have lagged behind, according to a new report by the PHI Project, an initiative of 100 health care leaders, including providers and insurance companies, as well […]

  • New Alliance Makes Case For Tighter Reins On Health Info

    Bernie Monegain, Editor WASHINGTON – Several healthcare groups have joined together to demand a tightening of security for protected health information. And they’re making a financial case for it. With the release of “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” healthcare organizations […]

  • Health Organization Lagging In Ensuring Data Privacy, Security

    Many health care organizations lack sufficient resources to adopt strong privacy and security protections for patient data, according to a report by a coalition of health care and data security groups, Modern Healthcare reports (Conn, Modern Healthcare, 3/5). About the Report: The coalition includes the: American National Standards Institute; Internet Security Alliance; and Santa Fe […]

  • Formula Helps Health-Care Industry Estimate Cost Of A Data Breach

    Puget Sound Business Journal by Emily Parkhurst, Staff Writer In an effort to encourage executives of health care companies to take the threat of cybersecurity breaches seriously, President Barack Obama’s Cybersecurity Coordinator Howard Schmidt on Monday announced a way for companies to evaluate the financial risk of data breach. “When it comes to cybersecurity, we […]

  • Protect Health Data, Report Urges

    By John Pulley March 5, 2012 The time and money spent protecting personal health information from data breaches are well worth the investment, contends a new industry security report. The 67-page report, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” includes a five-step method that health care organizations can use […]

  • A New Report Examines The Financial Impact of Breaches Of Protected Health Information

    AND WAYS TO DEVELOP A BUSINESS CASE FOR ENHANCE PROTECTION OF THE INFORMATION. The free report is a collaborative effort of the American National Standards Institute, consultancy The Santa Fe Group, and the Internet Security Alliance, with input from more than 100 members of 70 organizations. The report offers up “PHIve,” a five-step method to […]

  • 5 Steps To Assess Health Data Breach Risks

    New report delves into the threats healthcare providers face for potential patient data breaches, and provides steps and tools to help assess those risks. By Marianne Kolbasuk McGee March 05, 2012 04:23 PM A new report outlines the financial costs of breaches of protected health data–and offers a five-step method for healthcare providers of any size […]

  • PHI PROJECT: Don’t Ignore Breach Consequences

    March 05, 2012 | Bernie Monegain, Contributing Editor Several healthcare groups have joined together to demand a tightening of security for protected health information. And they’re making a financial case for it. With the release of “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” healthcare organizations now have a new […]

  • 7 Keys To Understanding The Financial Impact Of Breached PHI

    March 05, 2012 | Michelle McNickle, New Media Producer The recently released report, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” highlights the need for organizations to adopt a new method to evaluate the value of PHI, said the leaders of […]

  • Digital Health Data At Risk From Manager Support, Study Finds

    March 04, 2012

    By Chris Strohm – Mar 5, 2012 12:01 AM ET Insufficient funding and lack of executive support are mainly responsible for security breaches involving patients’ electronic health records, a study found. Executives at health-care companies and providers must improve cost assessments to include payments from class-action lawsuits, said the […]

  • ANSI To Release Health Info Security Report

    February 29, 2012

    A March 5 news conference to unveil it will include Howard A. Schmidt, the White House cybersecurity coordinator, and Joe Bhatia, president and CEO of the American National Standards Institute. Feb 29, 2012 Following the release of the new White House “Consumer Privacy Bill of Rights,” described as […]

  • Tax Breaks Considered To Improve Cybersecurity on Vital Networks

    February 14, 2012

    By Chris Strohm (Bloomberg) Feb. 8 (Bloomberg) — Tax breaks and liability protection may spur banking, energy and telecommunication companies to improve cybersecurity on their computer networks, the chairman of a House technology panel said. Representative Greg Walden, an Oregon Republican, said today he will consider taking up […]

  • ANALYSIS: Government Must ‘Modernize’ Cyber Defense

    February 10, 2012

    By Jack Moore (Federal News Radio) Even as the House and Senate debate various proposals for cybersecurity legislation, the cyber environment is rapidly changing, one expert says. Larry Clinton, the president of the Internet Security Alliance, testified before the House Energy and Commerce subcommittee Wednesday on the evolving cyber threat and […]

  • Feds Should Provide Industry With Cybersecurity Data And Incentives, Experts Testify

    February 09, 2012

    (Info Security) The US communications industry needs better information sharing, tax breaks, and liability protection from the federal government to improve cybersecurity, experts told a House panel on Wednesday. Entrust president and CEO Bill Conner highlighted the importance of public-private partnerships to share intelligence and inform the public. “The federal government needs to work more closely with […]

  • Experts Disagree On Focus Of Cybersecurity Legislation

    By Molly Bernhart Walker (FierceIT) Cybersecurity legislation is needed, agreed the panelists speaking Feb. 8 before the House Energy and Commerce subcommittee on communications and technology–but what that legislation should look like was a far more divisive issue. While the telecommunications industry is doing a good job of securing its infrastructure, other sectors need regulations […]

  • Security Experts Ask House For Light Regulatory Touch

    Technology industry representatives — looking to prevent an additional set of compliance requirements — urge House subcommittee to avoid new cybersecurity regulations to shore up the nation’s digital defenses. By Kenneth Corbin (CIO) WASHINGTON — Cybersecurity experts on Wednesday warned members of a House subcommittee against racing to legislation that would establish an overly burdensome […]

  • Cyber Regulation Lost In A Time Machine

    Jettisoning Old Ideas about Securing Vital IT Networks By Eric Chabrow (Gov Info Security) The concept of time supported contrary views on the need for more stringent government regulations to protect the nation’s critical information infrastructure. For Larry Clinton, chief executive of the industry lobbying group Internet Security Alliance, regulation is so last century and other factors […]

  • Entrust President and CEO Outlines Cybersecurity Dangers

    February 08, 2012

    CONNER SPEAKS DURING CONGRESSIONAL SUBCOMMITTEE HEARING Entrust executive provides insight into cybersecurity attacks targeting vulnerable small businesses, enterprises via the Internet DALLAS, Feb. 8, 2012 /PRNewswire/ — Entrust Inc. President and CEO Bill Conner was invited as an expert speaker to the U.S. Subcommittee on Communications and Technology’s cybersecurity hearing in Washington D.C. Wednesday. The invitation to participate in the hearing, […]

  • THE CIRCUIT: Amazon and Viacom Strike A Deal

    CYBERSECURITY HEARING, SPRINT EARNINGS By Hayley Tsukayama (The Washington Post) Amazon and Viacom: Amazon and Viacom announced Wednesday that they had entered into a rights agreement that will bring content from MTV, Nickelodeon, Comedy Central, TV Land and VH1 into Amazon’s streaming video catalog. The deal, announced Wednesday by Amazon, will add about 2,000 titles to […]

  • House Subcom Serious About Cybersecurity

    Experts Say Threat is Growing, as Roles of MSOs, Other ISPs in Battling Attacks By Mike Reynolds (Multichannel) The concerns of House Democrats and Republicans about cybersecurity was made clear in a Hill hearing Wednesday unusually free of the partisan divides that often surface in hearings in the House Communications Subcommittee. During the hearing on “Cybersecurity: […]

  • Legal, Policy Frameworks Can Hamper Cybersecurity

    By William Jackson (GCN) Tools are available to counter many of the threats to today’s digital infrastructure, but a legal and policy framework created for an analog world often hampers their implementation, a panel of industry representatives told a House panel. There was some disagreement among the panelists testifying Feb. 8 before subcommittee of the […]

  • Cybersecurity Experts: Major Telecom Providers Are Secure

    By Gautham Nagesh (The Hill) The major telecom providers have done a good job securing their networks and don’t require further regulation by the government, experts testified Wednesday. James Lewis, the director of the Center for Strategic and International Studies, said telecom companies have addressed cybersecurity on a level that other sectors have not. “The […]

  • OVERNIGHT TECH: Telecom Subpanel Tackles Cybersecurity

    February 07, 2012

    By Brendan Sasso and Gautham Nagesh THE LEDE: The House Energy and Commerce telecom subpanel will hold a hearing Wednesday morning on the cybersecurity threat to the nation’s communications networks. The House has recently begun to move on cybersecurity legislation that would enhance information sharing between the government and private sector about cybersecurity threats and […]

  • SAAS, APTS And Asymmetric Risk The Spotlight As Security Threats

    February 03, 2012

    By Bernard Golden (CIO-IN) I had the opportunity to speak at a new security conference last week, Security Threats 2012. I presented on the topic of balancing business benefits with risks in the cloud (more on that later), but the event touched on a wide range of pertinent IT topics, provoking stimulating discussions of some […]

  • Senate Cyber Legislation Facing Industry Resistance Over Cost

    January 31, 2012

    By Eric Engleman and Chris Strohm Jan. 31 (Bloomberg) — A Senate measure aimed at compelling operators of vital U.S. utility and other networks to strengthen cybersecurity drew resistance from some business groups concerned that the bill would raise companies’ costs. Responses to draft versions of the legislation have included “hard pushback” from trade groups […]

  • Security Software Program Essentials

    December 11, 2011

    COMPUTER INTERNET SECURITY SOFTWARE PROGRAM By Ona (Apollomozi) Using your laptop and a reliable Internet connection could be the best combination for an ideal enterprise opportunity. You don’t want increase too much capital for your enterprise venture. With just a reliable Internet connection and laptop system (which, due to vast availability and utilization, change into […]

  • Internet Security Alliance Gathers At NAM

    December 07, 2011

    By Matthew Lavoie (Shopfloor) Chairman of the House Intelligence Committee Mike Rogers (R-MI) stopped by the NAM headquarters today to address the board of the Internet Security Alliance. He shared the details of H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011 a bill he sponsored with Ranking Member Dutch Ruppersberger (D-MD) that was […]

  • Internet Security Alliance Endorses Cyber Security Legislation

    November 18, 2011

    By Anthony Freed (InfoSec Island) Internet Security Alliance President Larry Clinton praised the new direction on cyber security legislation that was signaled in a pair of new letters from Senator Majority Leader Harry Reid (D-NV) and 4 key Senate Republican leaders. “I note with great enthusiasm Majority Leader […]

  • RSA: Internet Security Alliance President Larry Clinton

    July 02, 2011

    By Anthony Freed (InfoSec Island) Larry Clinton is President and CEO of the Internet Security Alliance (ISA). Infosec Island provides ISA members with additional news and information links via their daily email updates. ISA is a multi-sector industry group created by the former Chairman of the U.S. House Committee on Intelligence and Carnegie Mellon University. […]

  • Trade, Civil Liberties Groups Urge Cybersecurity Incentives

    March 09, 2011

    Grant Gross (IDG News), PC World, 03/09/2011 The U.S. government should look to incentives as a way to encourage businesses to adopt better cybersecurity practices, instead of creating mandates, recommends a new paper from four trade groups and a civil liberties group. Concern: Although some cybersecurity experts have […]

  • Industry Groups Push For Security Incentives, Not Laws

    Angela Moscaritolo, DC Magazine, 03/09/2011 Instead of imposing additional security regulations, the U.S. government must work with the private sector to develop incentives that motivate companies to voluntarily adopt security best practices, a coalition of industry associations and civil liberties groups recommended in a white paper released Tuesday. The paper, crafted by members of the […]

  • ADVANCED PERSISTENT THREAT: Industrial Strength Hacking

    February 08, 2011

    Expert Voices Thought Leader: Sounil Yu By Sounil Yu (Booz Allen Hamilton) Why did you choose Booz Allen? Actually, Booz Allen chose me via the employee referral program. But I knew Booz Allen was a prestigious firm, so I was pleased to have been chosen. My old company was an accounting organization that offered consulting, […]

  • ARTICLE 12/9/10

    December 09, 2010

    PRO-WIKILEAKS CYBERATTACKS SHOW GROWING THREAT By Oren Dorell and Jack Gillum (USA TODAY) A cyberattack by supporters of WikiLeaks against the MasterCard and Visa websites foreshadows a new generation of increasingly dangerous assaults on the Internet, security experts say. “This will serve to inspire other bad guys,” said Rob Rachwald of […]

  • Education’s Critical Role In Cybersecurity

    September 01, 2009

    By Larry Clinton (Educause) Larry Clinton is President/CEO of the Internet Security Alliance. He is a member of the “Experts Panel” created by the General Accountability Office (GAO) at the request of the House Committee on Homeland Security to assess cybersecurity and make recommendations to the Obama Administration. Comments on this article can be posted […]

  • Cybersecurity: Network Threats and Policy Challenges

    May 01, 2009

    | C-SPAN

  • SECURING CYBERSPACE: What Exactly Should We Be Doing?

    May 01, 2006

    By Larry Clinton (Cutter IT)


 

Audio and Radio Appearances: