Working as a Systems Administrator in a healthcare environment has led me to a unique perspective on IT security. I usually tell people that my team has one of the toughest positions within the university. We are constantly trying to balance the need for information security necessitated by health information with the inherent collaborative nature of higher education. We have to do all this for a user base that is not particularly tech-savvy.
Cybersecurity frameworks are long on length and generalities but short on specific instructions. Believe it or not, my best source of detailed security practices and issues is a Taylor Swift parody account on Twitter. The account covers a huge gamut of IT security news and practical applications. Some of the larger schemes I’ve put together for our environment have grown out of a single simple tweet.
My department is still growing out of an entirely response-oriented help desk into a planned environment with structure and project management. Admittedly, I hate doing all the monotonous work related to the project management documentation, but I understand that it’s necessary. We have to be able to justify our actions. We are only just beginning to touch on the risk documentation aspects of project management. This is the core of cybersecurity: risk management and minimization. I don’t say risk elimination because it’s simply not possible.
Every decision we make regarding our IT environment can increase or lower risk. It’s not a matter of whether one of our systems has been or will be compromised, but rather when it happened or will happen and how much information has been/will be compromised. Even employees using their web browser on their work machine give away information. This information is probably related more to the user, and there is less risk of exposure of Drexel information, but it is certainly possible that some of that information could be used to compromise our organization.
One of the easier ways to illustrate this is with an example. That, however, will be saved for the next post.
To be continued…
-Brian