Re: University of MD mails 24000 SSN on front of envelope

[Arshad Noor <arshad.noor () strongauth com>]

Couldn't agree with you more, Michael.  In fact, the lack of training
of involved personnel, and the lack of a culture that encourages "risk
detection and management" is probably the single biggest weakness in
most IT environments today.  There is far too much trust placed in
technology and not enough in the ability and training of humans to
address security risks.  While I would like to say that companies lose
as a result of this myopia, in the long-term  we consumers wind up
paying for those losses, unfortunately.

Arshad Noor
StrongAuth, Inc.

Michael Hill, CITRMS wrote:
> Lack of education and training given to employees, contractors and service 
> providers to help spot security vulnerabilities.  Periodic training 
> emphasizes the importance you place on meaningful data security practices. 
> A well-trained workforce is just as important defense against identity theft 
> and data breaches as are physical and electronic security.
>
> In this case, I cant believe nobody in the whole process did not spot the 
> SSN or at least question it when seeing a 9 digit number.  Training 
> certainly could have uncovered this, though we will never know.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml