May 25, 2006

Data Security: An Oxymoron

Richard Kuper
The Kuper Report
http://TheKuperReport.com

On May 9th I gave a presentation on Data Security at the NYC Software Process Improvement Network (NYC SPIN) annual Ten Minute Madness Event. In my presentation titled: "Data Security: An Oxymoron?" I highlighted news that had come out over the prior several weeks:

-Laptops stolen with unsecured data from financial firms

-CDs distributed with private data by, in this case, the Republican
Party

-University systems getting hacked

-State and local governments posting private data on the internet

-A breach allowing Retail Credit Card holder information to be accessed

-Unauthorized access to data by insiders

-The Federal Government hiring a firm that allowed criminals to set up
fake ids and access private data to guard the security of data for the
government

-A company not validating the practices of the firm they hired to
securely scrub data from recycled hard drives and finding the
unscrubbed hard drives on ebay

In the past week, there has been news about a stolen laptop that contained names, addresses, social security numbers and more on over 26 million veterans and news about a Red Cross employee having improper access to sensitive data such as social security numbers of over 1 million blood donors.

In my presentation, I pointed out that if all of the government agencies, colleges, retail stores, major corporations, and others had good

-Policies,

-Processes,

-Procedures,

-Standards, and

-Best Practices

(and enforced them), then perhaps much of this could have been avoided.