Valuing secure access to personal information
Securing data is not a simple endeavor; a multi-discipline, defense-in-depth approach is necessary, as information can leak at any point in the communication process, from receipt, through storage, retrieval, transmission, and so on. Furthermore, each information system element is vulnerable to loss, including hardware, software, and personnel. Add to this the exceptional efforts made by those who want to acquire information through illicit means, whether for espionage, criminal, political, mischievous, or other intent... someone is always trying gain access to information they shouldn't have.
Organizations, for the most part, have come to recognize the value of the operational and functional information they possess, and are taking pains to protect it accordingly. This might be because of legislation such as the Health Insurance Portability and Accountability Act (HIPAA), which mandates better security processes, or because of every-increasing case law findings against organizations that don't do enough to protect their own vendors' and customers' data, such as the decision earlier this year against the U.S. Department of Interior for not maintaining adequate control of Bureau of Indian Affairs databanks.
By Ben Malisow at SecurityFocus.
[ Read more ]