[Dataloss] University of MD mails 24000 SSN on front of envelope
Arshad Noor
arshad.noor at strongauth.com
Wed Jul 23 16:46:51 UTC 2008
Couldn't agree with you more, Michael. In fact, the lack of training
of involved personnel, and the lack of a culture that encourages "risk
detection and management" is probably the single biggest weakness in
most IT environments today. There is far too much trust placed in
technology and not enough in the ability and training of humans to
address security risks. While I would like to say that companies lose
as a result of this myopia, in the long-term we consumers wind up
paying for those losses, unfortunately.
Arshad Noor
StrongAuth, Inc.
Michael Hill, CITRMS wrote:
> Lack of education and training given to employees, contractors and service
> providers to help spot security vulnerabilities. Periodic training
> emphasizes the importance you place on meaningful data security practices.
> A well-trained workforce is just as important defense against identity theft
> and data breaches as are physical and electronic security.
>
> In this case, I cant believe nobody in the whole process did not spot the
> SSN or at least question it when seeing a 9 digit number. Training
> certainly could have uncovered this, though we will never know.
More information about the Dataloss
mailing list