Security 7 Award winners tackle important information security issues


This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."

Download it now to read this article plus other related content.


security for the masses
Primary Care by Michael Mucha

Security cannot be a discipline unto itself; it must serve all entities in the enterprise.



Michael Mucha
  • TITLE Chief information security officer
  • COMPANY Stanford Hospital
  • INDUSTRY Health care
    • Manages a 30-person security team.
    • Primary focus is security risk to student and patient data, compliance and business considerations.
    • Relies on outsourcing and software as a service to address operational security tasks.
    • Built

    Requires Free Membership to View

    • an ecosystem of vendor technologies, services and support to augment the experience of his team.
    • In the midst of a four-year clinical information security project that addresses privacy and regulations.
    • Helped create the Stanford University Medical Center Network, a secure collaboration and communications network enabling appropriate access to apps, research and administrative systems.


An executive I barely know recently dropped off a parcel in my office, something I was nonetheless expecting. A few hours later he mentioned it to me in a meeting, with both humor and trepidation: "I was nervous about going into the security officer's office when he wasn't around." Hearing that I thought, "My office doesn't have a whole lot of sensitive data in it. I don't have access to the financials. The HR investigation reports are on a server elsewhere. My screen is locked. Why should my office be a little fortress, compared to the cubicle the junior accountant populates?"

Sensing that the particular moment wasn't right for a speech on security philosophy, I quipped, "You know, it wasn't a problem because the lasers didn't activate." This drew hearty laughs.

This anecdote illustrates a commonly held belief that security is not a meta-discipline that serves all walks of enterprise life, but rather that "security is what security people do." Lay people, i.e., those who aren't full-time security pros, tend to think about security to the extent that security people bug them about it. Security is a bunch of paranoids creating ridiculous things with lasers and so forth, while the business moves along on its own.


This was first published in October 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: