A federal appeals court has ruled in favor of victims of the 2007 Hannaford data breach. Attorney Ronald Raether explains the ruling and what it potentially means to future breached entities and their customers.
If management awareness of information security issues increases, will an organization's commitment to securing practices and policies also increase? This is the question answered by an eye-opening new study.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
As far as Dr. Giles Hogben of ENISA is concerned, now might be the golden opportunity for information security experts to influence the security and privacy measures that may help define Internet safety for the next decade or beyond....
ACH fraud victim Mark Patterson says small businesses like his welcome improved online security measures from banking institutions. But is the new FFIEC Authentication Guidance sufficient? Patterson says no.
Winning senior executive support for information security spending requires "a solid business case of justifications," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center.
Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.
One reason why so many healthcare organizations are not well-prepared to counter security threats is that "key leadership has not bought into the whole process," says Bob Krenek of ExperianÂ® Data Breach Resolution.
Penetration tests that demonstrate how an unauthorized user could gain access to patient information can be effective in winning support for a bigger information security budget, says David Kennedy of Diebold, Incorporated.