Wednesday, January 03, 2007

Anatomy of ID Theft

Research earlier tonight took me on an unplanned scavenger hunt. It began after seeing Emory University's recent computer theft that placed nearly 40,000 cancer patients at risk for ID theft. The information was stored on a computer at Electronic Registry Systems, a business contractor for Emory Healthcare. I wondered about Electronic Registry Systems: who they are and, more importantly, where they are. After all, a lot of our data employment has been outsourced, and a quote that haunts me is one by Peter Gregory, Chief Security Strategist with VantagePoint:

"In this, the Information Age, a country like India could disconnect itself from the Internet and hold America hostage--a provocative action that would be tantamount to an act of war."

Take a look at the words of security expert Ron Solecki, as quoted on ITtoolbox Groups and 'Computer Theft and the Victims'. Mr. Solecki bases IT Security on 3 aspects:

Integrity
Availability
Confidentiality

Solecki goes on to list the following:

People. They cause security vulnerabilities and they take advantage of the security vulnerabilities and other people.

Application. If the network is not designed securely, it will bleed out confidential information to anyone who asks.

Physical. Even if everything else is done correctly, if you have your server located under the receptionist's desk at the front door, anyone can walk in, unplug it, and walk out.

Policy & Procedure (& Enforcement). If everything else is secured, if there is no policy saying people can and can't do certain things, then data is going to leak.

And now the news from India, where this past December 27th thieves fled with two laptops, nine AMDs, four motherboards, five LCDs, 20 DVD combo drives, two DVD RW, eight RAM, two Intel 2.8 Dual Core and hard disk 80GB SATA. To give you an idea of how such a security breach is viewed there, read the words of the computer shop owner.

“When we got to know about the incident we immediately rushed to the nearest police station to file an FIR. But forget about expecting any action, we did not even receive any kind of support from the police. They came to my shop to take a round but could only create a scene and nothing else,” lamented Saurabh Sharma, MD, Gayatri Computers.

Reading all of the above and applying it to our thousands of unguarded county websites as well as data registries such as Emory's is enough to make one tremble. And it certainly should be.

Lack of integrity. Around the clock, worldwide availability. No policy, no procedure, and lack of enforcement even where there are laws established to protect from identity theft - and that list is minuscule.

Until America requires integrity in security and the citizens demand accountability, FindMyID will continue to search those free-flowing records to let you know what's available online about your family. It's a finger in the dike, but it's better than nothing.

www.FindMyID.com
