Could proposed legislation force manufacturers and healthcare entities to put more effort into bolstering the cybersecurity of medical devices? In an interview, cybersecurity expert Joshua Corman provides in-depth analysis on the movement to improve the state of medical device security.

The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.

The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.

Healthcare organizations need to consider a number of legal issues when it comes to cybersecurity incidents involving medical devices, attorney Thomas Barnard explains in an in-depth interview.

From zero-day exploits to IoT vulnerabilities to the sheer number of prospective adversaries, the threat landscape is ever-shifting. And global regulatory pressures are only mounting. How must security leaders respond? Symantec's Renault Ross offers insight.

Communication consultant Michael Santarcangelo outlines three key questions CISOs should ask at the outset of any project to convey security's value and clearly set expectations

How could the private sector benefit from steps federal agencies are taking to improve the cybersecurity of the internet of things and medical devices? In an in-depth interview, two experts at UL who are working closely with the agencies explain the potential impact.

In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.

Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.

As the GDPR enforcement date edges closer, organizations remain unprepared to comply, says BitSight's Elizabeth Fischer - especially when it comes to vendor risk management. What - beyond contracts - do organizations need?