Security 7 Award winners tackle important information security issues

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."

Download it now to read this article plus other related content.

 

security for the masses
Primary Care by Michael Mucha
 

Security cannot be a discipline unto itself; it must serve all entities in the enterprise.
 

 

 

Michael Mucha
  • TITLE Chief information security officer
  • COMPANY Stanford Hospital
  • INDUSTRY Health care
  • KUDOS
    • Manages a 30-person security team.
    • Primary focus is security risk to student and patient data, compliance and business considerations.
    • Relies on outsourcing and software as a service to address operational security tasks.
    • Built

    Requires Free Membership to View

    Login

    • an ecosystem of vendor technologies, services and support to augment the experience of his team.
    • In the midst of a four-year clinical information security project that addresses privacy and regulations.
    • Helped create the Stanford University Medical Center Network, a secure collaboration and communications network enabling appropriate access to apps, research and administrative systems.

 


An executive I barely know recently dropped off a parcel in my office, something I was nonetheless expecting. A few hours later he mentioned it to me in a meeting, with both humor and trepidation: "I was nervous about going into the security officer's office when he wasn't around." Hearing that I thought, "My office doesn't have a whole lot of sensitive data in it. I don't have access to the financials. The HR investigation reports are on a server elsewhere. My screen is locked. Why should my office be a little fortress, compared to the cubicle the junior accountant populates?"

Sensing that the particular moment wasn't right for a speech on security philosophy, I quipped, "You know, it wasn't a problem because the lasers didn't activate." This drew hearty laughs.

This anecdote illustrates a commonly held belief that security is not a meta-discipline that serves all walks of enterprise life, but rather that "security is what security people do." Lay people, i.e., those who aren't full-time security pros, tend to think about security to the extent that security people bug them about it. Security is a bunch of paranoids creating ridiculous things with lasers and so forth, while the business moves along on its own.

 

This was first published in October 2008

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top