Monday, May 10, 2010

The 2009 Data Breach Hall of Shame

Many data breaches arise because of lapses in the most basic of security precautions. This is an important fact for IS auditors because it means that the have within their everyday audit programs the capability to find and prevent these breaches (or at least warn against them). It also means they will more likely be held to account when the breaches occur. The CIO Magazine's 2009 Hall of Shame lists several occurences that are mind boggling in their simplicity and in their laxity. How about posting a complete description of your security policies and procedures on the internet? Or lets try maintaining all user IDs and passwords in plain text, unencumbered with such complications as encryption. Not to mention a lack of control over the hard drives that contained the plain text files. There are others. Read on in this article.

No comments: