Security - Engineering For Everyone! Essay
Corporations in all sectors share a common goal: to make money. This is not an eye-opening statement, but the following might be: “Corporations in all sectors share a common theme – they barely (if ever) care about security.” While some reading this may simply stop at that statement and whisper “he is insane,” many tasked with information security would wholeheartedly agree with me after reading this in its entirety.
While writing this, I kept remembering a common statement from many clients, peers, and readings on the topic of security: “Management doesn’t care. Security is not in the budget… they don’t get it.” This train of thought repeats in many of the articles I write about security. Never have I thrown those statements out just to fill space. I have written them based on experience.
Recently a hospital in my state was fined $90,000.00 for a stolen laptop that contained 8,883 medical records. The fine was a measly $10.13 per record. On the other side of the spectrum, $90,000.00 would have enabled full disk encryption on no fewer than 100 laptops. That 90k fine would have been zero thanks to HIPAA rules: “The Breach Notification Rule requires most healthcare providers to notify patients when there is a breach of unsecured PHI”. Using encryption would have protected the hospital from some embarrassment.
How many breaches have you read about this year? In case you may not be aware of the…