Mansur Habib, PhD and cybersecurity strategist, formerly CIO for the Baltimore City Health Department, proposes that any data breach analysis should start with a hard look at the organizational chart. If the CIO or the chief information security officer (CISO) doesn’t report directly to the CEO, the executive clearly does not place priority on IT and data security, treating it as a cost center to be restricted; in his words, they do not ‘embrace cybersecurity risk as business risk’. In his 2013 doctoral research and subsequently, Dr Habib observed that about half of US HIT and cybersecurity heads report to the chief financial officer (CFO) or some other executive like a chief administrative officer (CAO). His withering take on most CEOs is that they are more concerned with stock price and covering breach losses via insurance than with preventing cybersecurity failure and harm to customers. In his analysis of data breaches, he also observes organizational and governance breakdowns plus an inability to follow legal requirements.
Anthem, late of an 80 million patient breach, he offers as a perfect example: well-designed phishing abetted by lax access controls = Happy Hacker Hunting. And if you include the CEO of the USA as Megan McArdle did….
EnterpriseTech (Security Edition)