The Business-Technology Weave

Apr 30 2011   6:10AM GMT

No One Ever Talks About the Positive Aspects of Breaches…

David Scott David Scott Profile: David Scott

 

Ok, I’m being a little facetious. 

 

However, 3.5 million people are to receive free credit monitoring, courtesy of Texas Comptroller, Susan Combs, according to The Dallas Morning News.  The monitoring may cost the state up to $21 million.  Why is the state doing this?

 

Ms. Combs announced that Social Security Numbers and other personal information had been available via a public server at her agency for more than a year.  That’s almost as bad as things can get – just short of a state actually colluding with breaching entities –  when you’ve got publicly accessed resources, with sensitive personal information of millions of people exposed, laying out for the taking.  Rather incredible, when you think about it.

 

According to the comptroller’s office, they discovered this problem March 31st, however, they didn’t notify the attorney general’s office for a week’s time.  They then waited another 10 days or so before informing the public. 

 

The time lapse was defended, though, and we can certainly trust the comptroller’s office’s judgment, no?  (Facetious mode back on, just then – ok, back off now –>)  They needed time to study the problem; and it’s good that they set up a call center and informational website in readying for public notification. 

 

Still – anything could have happened in the approximately 3 weeks lag:  I know that if my personal, critical, data was hanging out there for over a year, I want to be told now, and I want to know the vulnerability is sewn shut, also as of now.

 

While there is no evidence of misuse (as of… er, now), we can note something besides the necessity for timely notification to stakeholders (in this case, the public).  That something is the enormous leverage to be had in proactive protections.  Imagine the simple security procedures – that is, security and data audits, paired with the best progressions of security reviews, policies and plans – that can be cost-apportioned over the entire Texas state server and application farm – in making all information activity and related data as secure as possible. 

 

What we here in the Weave call: 

 

A modern arena for doing things right – right on time.

 

But you have to have a Business-Technology Weave with all modern, leading, sensibilities and practices in thwarting new threats, evolving threats, and stupid old threats – like someone setting up and running servers that contain critical data, with wide-open access.

 

Might be a good reminder to audit your own security standing and practices.

 

As a final thought:  Is human error, such as laying out the wrong data for potential public consumption, really a breach?  Isn’t that a measure of simple human error?  If you dynamite a bank vault and make off with money, you’ve breached that vault.  However, if a bank leaves a vault open overnight, with the front door wide open, and we then stroll in and fill suitcases with money and plunder – is that a breach?  It’s not quite the same thing.  Stay tuned… I think breach vs. human error merits a little more thought…

 

 

NP:  Thin Lizzy, Live and Dangerous, on CD.  (But some vinyl will spin tonight)

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: