|
security for the masses
Primary Care by Michael Mucha
Security cannot be a discipline unto itself; it must serve all entities in the enterprise.
Michael Mucha
- TITLE Chief information security officer
- COMPANY Stanford Hospital
- INDUSTRY Health care
- KUDOS
- Manages a 30-person security team.
- Primary focus is security risk to student and patient data, compliance and business considerations.
- Relies on outsourcing and software as a service to address operational security tasks.
- Built an ecosystem of vendor technologies, services and support to augment the experience of his team.
- In the midst of a four-year clinical information security project that addresses privacy and regulations.
- Helped create the Stanford University Medical Center Network, a secure collaboration and communications network enabling appropriate access to apps, research and administrative systems.
...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
[IMAGE]
An executive I barely know recently dropped off a parcel in my office, something I was nonetheless expecting. A few hours later he mentioned it to me in a meeting, with both humor and trepidation: "I was nervous about going into the security officer's office when he wasn't around." Hearing that I thought, "My office doesn't have a whole lot of sensitive data in it. I don't have access to the financials. The HR investigation reports are on a server elsewhere. My screen is locked. Why should my office be a little fortress, compared to the cubicle the junior accountant populates?"
Sensing that the particular moment wasn't right for a speech on security philosophy, I quipped, "You know, it wasn't a problem because the lasers didn't activate." This drew hearty laughs.
This anecdote illustrates a commonly held belief that security is not a meta-discipline that serves all walks of enterprise life, but rather that "security is what security people do." Lay people, i.e., those who aren't full-time security pros, tend to think about security to the extent that security people bug them about it. Security is a bunch of paranoids creating ridiculous things with lasers and so forth, while the business moves along on its own.
|
 |
|
