Oct
27
Editor’s Note: The FDA guidance document for industry, “Oversight of Clinical Investigations — A Risk-Based Approach to Monitoring” is available here.
From: Outsourcing-Pharma.com
The US Food and Drug Administration (FDA) has signed an agreement with CluePoints to “further explore” a data-driven approach to quality oversight in clinical trials.
Oct
24
From: GCN
By Jai Dargan
After more than 16 years, the Office of Management and Budget released the long-awaited revision of its Circular A-130, “Managing Information as a Strategic Resource,” the governing document for the management of all federal IT systems. This circular has been updated to better reflect the challenges associated with IT systems management as well as an evolving information security threat landscape.
Ordinarily, an update to a regulatory document like A-130 would not garner much attention around the Beltway, especially during an election season. But after the Office of Personnel Management data breach in June of 2015, the revised A-130 could not have come at a better time, especially for agency officials tasked with modernizing legacy IT systems and safeguarding information assets against persistent cyber threats.
Oct
20
From: National Defense
By Yasmin Tadjdeh
***
Under guidance from the department’s defense security service, companies doing business with the Pentagon will soon be required to stand up a program to “gather, integrate and report relevant and available information indicative of a potential or actual insider threat.”
The requirement — which has a Nov. 30 deadline — is part of a change to the Defense Department’s “National Industrial Security Operating Manual,” and was announced in a letter released in May.
Oct
13
From: Enterprise Tech
U.S. government agencies’ slog to the cloud, a journey that has lately been complicated by a new set of security requirements designed to fend off an outbreak of “nation-state” cyber attacks, registered some modest progress this week when another cloud services provider announced it had achieved “ready status” under a federal cloud security initiative.
***
Company executives noted that the phase one FedRAMP approval means cloud providers seeking federal certification can use the Halo security platform for auditing and monitoring many of the controls requirement under the FedRAMP certification process.
Oct
06
From: Energy Voice
Written by James Parry
***
However, only just over half (62 percent) were actively monitoring and analysing security intelligence. What is the quality of that threat intelligence? If we look at a piece of research from Ernst and Young conducted in 2015, we find that 61 percent of O&G organisations believe it’s unlikely or highly unlikely that they would be able to detect a sophisticated attack. Nearly a third 29 percent had no real-time insight on cyber threats. Only 13 percent believe that their information security function is fully meeting needs.
Oct
05
From: Slashdot
“The cost of cyber attacks is 1/10th to 1/100th the cost of cyber defense,” says the CTO of Splunk — because the labor is cheap, the tools are free, and the resources are stolen. “He says what’s needed to bring down the cost of defense is collaboration between the public sector, academia and private industry…the space race for this generation,” reports Slashdot reader davidmwilliams.
Splunk CTO Snehal Antani suggests earlier “shift left” code testing and continuous delivery, plus a wider use of security analytics. . . .