Steps Organizations Can Take to Get Ready
Attorney Adam Greene offers insights on what organizations should be doing now to prepare for compliance with the proposed rules for Stage 2 of the HITECH Act electronic health record incentive program.

Small, Mid-Size Enterprises Especially Need to Develop Strategy
Why do so many small and mid-sized enterprises continue to believe that business continuity planning is just for the big guys? And how do we go about convincing them otherwise? Here are some tips.

Howard Schmidt to Step Down at End of Month
Michael Daniel, who as chief of the White House budget office's intelligence branch has extensive background in IT security, will replace Schmidt as cybersecurity coordinator.

Do you have the right personality type to flourish in an IT security role? Laurence Shatkin, author of "50 Best Jobs for Your Personality," offers tips for finding the job that truly fits your type.

New CTO Named, Independent Auditor Hired
Utah Gov. Gary Herbert has taken several steps in the wake of a hacker attack against an unencrypted server that exposed state health department information on 780,000 individuals. Experts assess whether the steps are the right moves.

Visa, MasterCard Offer Revised Timeline
New alerts from Visa and MasterCard suggest that the breach at payments processor Global Payments Inc. dates back to January 2011 - an exposure window significantly longer than what was originally reported.

In a notice of a new system of records, the Department of Veterans Affairs is seeking comments on proposed privacy practices for the Virtual Lifetime Electronic Record project now in development. The VLER effort is a long-term project of the VA and the Department of Defense designed to pave the way for improved sharing of records among providers treating veterans, members of the armed services and others.

This request for information seeks comments on plans for voluntary national standards, including privacy and security guidelines, for health information exchanges. The announcement poses 66 questions.

A Year After Its Debut, Index of Cybersecurity Rises by 30 Percent
Factors driving up the index vary from month to monthly, but the clear takeaway of the survey of IT security practitioners is that they're getting more apprehensive about safeguarding IT.

How common are padded resumes like the one that led to the departure of Yahoo CEO Scott Thompson? Far too common, says attorney Les Rosen, who offers tips to help organizations manage such risks.

When breaches occur, most organizations struggle to collect the right data and get investigations off the ground. How can breach response improve? Verizon's Chris Novak offers expert advice.

Tips on Building Trust Greatly Needed
A new guide from federal regulators on key privacy and security issues to address when adopting electronic health records is valuable. But additional guidance on risk assessments and other issues is needed.

Answering That Question Isn't So Easy
The lack of common definitions, understandings and approaches among countries may hamper international cooperation on cybersecurity, a need acknowledged by most countries.

Americans express a bit less anxiety about their security than they felt a year ago, perhaps because they've become desensitized by extensive news reports about cyberattacks last spring, says Unisys' Steve Vinsik.

This proposed rule outlines requirements, including privacy and security provisions, for a hospital or physician practice to qualify as a "meaningful user" of certified electronic health record software to qualify for Stage 2 of the HITECH Act EHR incentive program.

This proposed rule outlines requirements, including privacy and security provisions, for electronic health record software certified as qualifying for Stage 2 of the HITECH Act EHR incentive program.

What are organizations' top cloud security concerns, and how are security leaders addressing these concerns through policy, technology and improved vendor management?

This is the key question posed by the 2012 Cloud Security Survey.

No longer just an emerging technology practice, cloud computing today is embraced globally as a means of gaining efficient access to critical applications, processes and storage. It's now common for organizations to rely on cloud service providers for functions and business applications such as customer relationship management, messaging or storage via a public, private or hybrid cloud. Further, industry-specific cloud-based applications such as electronic health records or mobile banking and payment applications are emerging at an unprecedented pace.

But these engagements come with questions about risks:

• What are your cloud service provider's security and privacy measures, and have they been audited?
• Where geographically is cloud data being stored, and how do operational practices comply with government, industry and organizational privacy regulations?
• How is a multi-tenant cloud environment managed, and in the event of system compromise - what will be the incident response escalation process?

Yes, cloud computing is about efficiencies and new technologies, but it's also about security, privacy and an organization's reputation.

The 2012 Cloud Security Survey was crafted with assistance from leading experts in cloud computing, security and privacy, with a mission to:

• Chart the latest cloud trends, including types of cloud implementations most common by industry and region;
• Gauge organizations' top cloud security concerns, from vendor security to data governance and breach preparedness;
• Predict the top areas of investment for organizations most concerned about cloud security.

This webinar will draw upon survey results and expert insight from a special roundtable panel to discuss:

• Top Security Concerns - Are organizations more concerned about where their data is stored, or whether a malicious insider might be a threat to it?
• Success Factors - On a scale with cost savings and availability of services, how does security now rank among elements critical to a successful cloud computing implementation?
• Protective Measures - What are some of the practices organizations are employing, from instituting more stringent contracts to enforcing third-party audits and even participating in mock security exercises with cloud service providers?

Fact: 2.5 Million Healthcare facilities must become HIPAA compliant by 2015.

The primary goal of any healthcare provider is providing healthcare on demand to a wide array of patients. An equally important goal is the ability to financially sustain the practice and its employees. Finally, there is the goal of protecting patient's records which is now government mandated by HIPAA regulations.

Chances are, choosing a disaster recovery (DR) solution to support your healthcare organization is a critical step in becoming HIPAA and HITECH compliant, as well as improving business continuity and security. Choose the wrong DR solution can cause unnecessary downtime and dataloss. Choose the right DR solution and you become a hero to your organization...and to your bottom line by reducing your total cost of ownership and putting your HIT dollars to good use.

Join this webinar to help steer you disaster recovery and compliance in the right direction.

HEROware, a leader in business continuity, HIPAA and HITECH compliant appliance-based DR solutions, and Kaseya, the leader in IT service solutions, will discuss details on how to navigate this complex process, including:

• How HIPAA and HITECH requirements impact the need for DR solutions
• Implementing 5 best practices for a successful DR program
• Pros and cons between various DR solution methodologies

You'll also hear from HEROware/Kaseya customer, Dan Gross, as he discusses his real-life DR implementation and steps to success. Don't miss this opportunity to leverage these lessons learned for your healthcare organization!

Total EHR software spending by all types of providers was approximately $2 billion in 2009 and is expected to grow to approximately $3.8 billion in 2015.

Still, despite this large investment, many providers fail to achieve the critical goals of implementation and use. Why?

Adding technology to ineffective workflows does not resolve the underlying problems. Successful implementation occurs with the combination of a new technology and process changes simultaneously.

In this session, join Kaseya, the leading global provider of IT systems management software, and Juran Institute, the global source for business process improvement training and consulting, to learn how your healthcare organization can:

• Align process redesign with technology to alleviate the pain of converting to an HER;
• Increase the likelihood of achieving real financial and operational benefits.

A follow-up to ISMG's 2011 Faces of Fraud Survey, this webinar looks not only at the latest fraud trends and how institutions are fighting back, but also at their progress in putting together layered security controls in conformance with the FFIEC Authentication Guidance.

Given the persistence of fraud threats and the demands of the FFIEC Authentication Guidance, the 2012 Faces of Fraud Survey is crafted with assistance from leading experts in fraud detection and prevention, with a mission to:

• Chart the latest fraud trends, including account takeover, skimming and payment card breaches;
• Gauge institutions' preparedness to conform to the FFIEC Authentication Guidance, including where they are prioritizing their efforts;
• Predict the top areas of focus for 2012, from real-time fraud monitoring tools to new layered security controls.