“The data security fault, dear Brutus, is not China, but in the company org chart”

Mansur Habib, PhD and cybersecurity strategist, formerly CIO for the Baltimore City Health Department, proposes that any data breach analysis should start with a hard look at the organizational chart. If the CIO or the chief information security officer (CISO) doesn’t report directly to the CEO, the executive clearly does not place priority on IT and data security, treating it as a cost center to be restricted; in his words, they do not ‘embrace cybersecurity risk as business risk’. In his 2013 doctoral research and subsequently, Dr Habib observed that about half of US HIT and cybersecurity heads report to the chief financial officer (CFO) or some other executive like a CAO (administrative). His withering take on most CEOs is that they are more concerned with stock price and covering breach losses via insurance than with preventing cybersecurity failure and harm to customers. In his analysis of data breaches, he also observes organizational and governance breakdowns plus an inability to follow legal requirements. Anthem, late of an 80 million patient breach, he offers as a perfect example: well-designed phishing abetted by lax access controls = Happy Hacker Hunting. And if you include the CEO of the USA as Megan McArdle did…. EnterpriseTech (Security Edition)
