News Stay informed about the latest enterprise technology news and product updates.

Is it time for security managers to get tough?

With so many of the same security problems plaguing organizations year after year, it’s time to get tough, a health care security executive suggested Tuesday during a panel discussion at the Cornerstones of Trust 2009 conference in Foster City, Calif.

Connie Sadler, information security officer at Lucile Packard Children’s Hospital at Stanford, said some security challenges from 20 years ago continue today. Security managers started out as tough but became less so as systems became more distributed and employees did their own thing, she said.

“I think we’ve lost control,” Sadler said, suggesting a range of corrective steps, including whitelisting, better access controls, and punitive action such as fines.

“There’s no consequence for having a bad password,” she said. “Maybe there’s needs to be a consequence for not doing basic things…We need to introduce more discipline into our environment.”

But responding to a question from the audience, Sadler acknowledged that the tough approach needs to be balanced. “Don’t we need both the carrot and the stick?” asked security luminary Donn Parker.

“There does need to be a balance,” Sadler agreed. “People shy away from doing the right thing because they don’t have the knowledge… It comes back to us. We need to train people.”

The annual Cornerstones of Trust is co-hosted by ISSA’s Silicon Valley and San Francisco chapters and San Francisco Bay Area InfraGard.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

SOX had Lee Nails. PCI has TEETH! I'm currently dealing with IT managers who are resisting tightening security to meet PCI requirements. Then when they get the threat of non-compliance and costing their company $millions in additional credit card charges, they get religion. I don't think change will happen till the dollar risk is greater than the fear of minor disconveniencefor a VIP and more dangerous to a manager/directors career. Every manager in the US talks the CHANGE GAME and laugh about their stolen cheese, but money walks the walk. Sorry if i got a little "CHEESY".
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close