Staff Disciplined in Wake of SingHealth Breach
… Keith Fricke, principle consultant at tw-Security, points out: “Some corporate cultures focus on the issues and what to fix, while others look for someone to blame.”
Addressing breach issues requires an appropriate mix of addressing the root causes and holding people accountable, he contends. “Responsibilities for the root causes of a breach may lie in different areas depending on circumstances. For example, it is one thing if an organization provides training for IT workers to understand and implement security processes and tools and these workers fail to apply that knowledge,” he says. “It is another thing if the IT workers have requested training or bringing in third parties to help them and the organization denied funding, leaving the workers to do their best with what they have.”
Who should be held accountable depends on the situation, Fricke argues. “Another key concept is that someone with technical competence does not automatically … have incident response competence.”
For more information or to schedule a FREE initial consultation – contact tw-Security.
Read More
