IT Operations
IT Operations | News, how-tos, features, reviews, and videos
Four states propose laws to ban ransomware payments
Some state legislatures are debating bills that could limit or ban ransom payments. A better option, experts say, is mandatory reporting of ransomware attacks.
Government-mandated SBOMs to throw light on software supply chain security
The US government will soon require vendors to provide a software bill of materials to help ensure integrity of an application's components.
IT asset disposal is a security risk CISOs need to take seriously
Sensitive company and personal data often leaves organizations on disposed devices. An auditable chain of custody that shows data destruction is essential for any ITAD program.
US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks
Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.
GAO calls out US government agencies: Get your supply chain security act together
The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.
HITRUST explained: One framework to rule them all
HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.
TSA’s pipeline cybersecurity directive is just a first step experts say
The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.
Biden administration releases ambitious cybersecurity executive order
Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.
Biden administration releases 100-day plan to address electric system cybersecurity risks
The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE's role in coordinating cybersecurity efforts.
Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past
President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.
States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks
Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.
Virginia data protection bill signed into law
The state is the second in the nation to enact a consumer data protection law along the lines of the EU's GDPR. Here's what businesses need to know about Virginia's CDPA.
5 ways to combat audit fatigue
The growing number of audits for security and privacy regulatory compliance is stressing security personnel and draining resources from security operations. Here's how to better manage them.
The HITECH Act explained: Definition, compliance, and violations
The Health Information Technology for Economic and Clinical Health (HITECH) Act aims to expand the use of electronic health records through incentives to health care providers and consumers. It also tightens rules on providers to...
How strong, flexible data protection controls can help maintain regulatory compliance
An effective approach to data protection controls embraces ethical standards and anticipates new requirements. Here’s how some CISOs and other experts tackle the issue.
The future of work: Coming sooner than you think
What will your worklife be like years from now? Today's work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld, CSO, InfoWorld, and Network World illustrate.
HIPAA explained: definition, compliance, and violations
HIPAA (the Health Insurance Portability and Accountability Act) is a law passed in 1996 that imposes stringent privacy and security mandates on health care providers—and most of their IT vendors.
SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda
More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.
US bulk energy providers must now report attempted breaches
US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an "attempted" breach.
CPRA explained: New California privacy law ramps up restrictions on data use
The California Privacy Rights Act (CPRA) is a new law that toughens some data security requirements, brings California more in line with Europe's General Data Protection Regulation, and creates a new state agency—the California...