[Log In] []

Exploring the science and magic of Identity and Access Management
Thursday, May 23, 2024

Data Breach Threats Beg For Better Access Control

Identity, Information Security
Author: Mark Dixon
Wednesday, August 18, 2010
9:39 pm

image Dave Kearns of Network World posted a thought-provoking article today,  “Data breach demonstrates need for access control policies.”

Highlighting a case where a tax collector in British Columbia, Canada, used government computers to look up “private tax files of hundreds of high-income individuals, apparently in the hopes of hitting them up for a business she ran on the side,” Dave observed:

There are so many things wrong here.

  1. Why weren’t controls in place to prevent, or at least raise a flag, when an agent accessed files randomly? Were they at least audited?
  2. Why did it take four years for someone to realize that there were shady dealings going on?
  3. How did CRA determine the "risk of injury"?
  4. Why aren’t the affected parties notified whenever there’s a breach?

In light of increasing government regulations covering data breaches, and hard evidence that the number of data breaches continues to grow, companies can be well-advised to

“review your governance, oversight and access control policies now — before your organization features prominently (and ashamedly) in a newspaper headline!”

Comments Off on Data Breach Threats Beg For Better Access Control . Permalink . Trackback URL
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.