Creating a Security-Conscious Culture
Monday, 03 August 2009

By Mike Spinney

Here's a brazen bit of breachery from the Miami Herald. It's a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee, plus a percentage of his lawsuit earnings.

Apparently the scheme went on for two years before the hospital employee blabbed about it. Luckily for Miami-area residents, someone with a clearer moral compass recognized the crime and told authorities.

This isn't all that different from the revelation that UCLA Medical Center employees were abusing their access privileges to snoop in the files of celebrity patients, either for their own amusement or to pass info along to the tabloids.

While both stories are a reminder of the serious threat posed by malicious insiders, the Jackson Memorial case offers another lesson: don't overlook the importance of personal ethics in your security strategy.

We have no information about the security and ID/access management technologies in place at Jackson Memorial, and we don't know if the person who tipped the police was a co-worker.

But we do know that someone who knew right from wrong had the moral courage to do the right thing when confronted with information related to misconduct.

Good, consistent training and an ongoing awareness campaign -- along with a visible example set from the top down -- can have a positive effect on your company's overall security program (and at a very reasonable cost).

We cannot emphasize enough the importance of creating a security-conscious culture within every organization.

Copyright © 2008 To Present · Information-Security-Resources.com

Mike Spinney, CIPP, is a senior privacy analyst with the Ponemon Institute, a research organization dedicated to advancing responsible information and privacy management practices in business and government.





Copyright © 2007-2014 CIOZones. All Rights Reserved. CIOZone is a property of PSN, Inc.