Sunday, March 02, 2008

The confluence of HIPAA security audits and increasing attacks from the Internet is putting pressure on health care organizations to protect their patient information: http://www.networkworld.com/news/2008/022708-healthcare-cyberattacks.html

The four important questions that any custodian of sensitive information should ask are:

What information exists on my systems?
Where is it located?
Who has access?
How is it protected?

I believe that to find out what information exists, cataloguing and classification are a necessity. To find out where it is, the repositories containing information must be scanned and their content classified based on this scan. To ensure that only users who need access have access, entitlement management is key. The information that is classified should then be protected.
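As an added illustration (not from the original post), the sketch below scans a file repository and records an answer to each of the four questions for every file that matches a classification rule. The rules, sample data and the use of POSIX permission bits as the access model are assumptions made for the example.

```python
import os, re, stat, tempfile

# Constructed classification rules; a real catalogue would define its own.
RULES = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.I),
}

def classify(text):
    """What: labels of every rule that matches the content."""
    return sorted(label for label, rx in RULES.items() if rx.search(text))

def inventory(root):
    """Scan a repository and record what/where/who/how per sensitive file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    labels = classify(fh.read(1_000_000))  # cap bytes read
                st = os.stat(path)
            except OSError:
                continue  # unreadable file: skipped by this sketch
            if labels:
                findings.append({
                    "what": labels,
                    "where": path,
                    "who": {"owner_uid": st.st_uid,
                            "group_read": bool(st.st_mode & stat.S_IRGRP),
                            "world_read": bool(st.st_mode & stat.S_IROTH)},
                    "how": oct(stat.S_IMODE(st.st_mode)),
                    # Classified data readable by every local user
                    "overexposed": bool(st.st_mode & stat.S_IROTH),
                })
    return sorted(findings, key=lambda f: f["where"])

def demo():
    """Build a constructed sample tree and inventory it."""
    samples = {  # name: (content, mode); all values are made up
        "intake.txt": ("Patient MRN: 00123456 SSN 000-12-3456\n", 0o600),
        "export.csv": ("name,ssn\nTest Person,000-98-7654\n", 0o644),
        "menu.txt": ("Cafeteria menu for Monday\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (content, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return inventory(root)
```

Files flagged `overexposed` are the ones where the classification and the entitlement disagree, which is where review effort should go first.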

This cannot be achieved with technology alone. People, Process and Technology all go hand in hand to solve this problem.
