Seriously? The OPM Breach

There are tons of articles out there now talking about the security breach at the OPM. One such article from the Wall Street Journal points out an attack vector coming in from a third party vendor. Wow.

I think in this day and age of computing there really is no excuse for when breaches occur. It’s one thing to have the latest and greatest tools in place and the right mix of human analysts looking the data over. It’s quite another to leave the doors open with old or outdated technology.

How does a government organization, or even a regular commercial business, get these things fixed? The answer is very simple. Criminalize the data loss and hold CEO’s or top government brass accountable; meaning they will be prosecuted for some kind of criminal liability.

Wouldn’t that change the focus on how information security is implemented? If you, as top boss, knew you could go to jail because you didn’t put enough of a priority on securing the data you work with, don’t you think you would make different decisions?

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmailFacebooktwittergoogle_plusredditpinterestlinkedintumblrmail
rssyoutuberssyoutube

Jeff Evenson

Jeff is Chief Blogger for Security Friction, writing about the security issues that seem to always have some rough edges when being considered for implementation or integration. Jeff retired from the US Navy as a Chief Cryptologist, worked in the wireless telecommunications and financial sectors. Jeff has spoken at the local college and various community groups.

Leave a Reply

Your email address will not be published. Required fields are marked *