PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2004

Making an example: Enforcing company information security policies

Public executions are necessary for enforcing company information security policies, says Dr. John Halamka. "There's no second chance if you violate trust," he explains. As CIO of both Boston's Beth Israel Deaconess Medical Center and Harvard Medical School, Halamka is charged with enforcing the policies and procedures that ensure the security of 9 million patient records and 70 terabytes of data. Most people would think that medical professionals working in a world-class hospital and university would be above the temptations of records surfing, unauthorized downloads and abuse of computer resources. They're not. Each year, Halamka says, three or four doctors -- ranging from green residents and interns to well-weathered practitioners -- are fired for violating security and acceptable use policies. Sometimes, doctors are looking up medical histories of their competitors to embarrass them or to gain a business advantage. Other times, they're simply curious about a famous patient and look up his lab tests. On occasion, they're ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue

  • The security improvements of Microsoft ISA Server 2004

    by  Victor R. Garza

    In an effort to bolster its security image, Microsoft is going to release its ISA Server 2004 later this year. Here you will learn about the security improvements of Microsoft ISA Server 2004.