Information Security News mailing list archives

UMC Health System Security Officer discusses user awareness


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 2 Apr 2014 05:24:15 +0000 (UTC)

http://healthitsecurity.com/2014/04/01/umc-health-system-security-officer-discusses-user-awareness/

By Patrick Ouellette
Health IT Security
April 1, 2014

With 14 years under his belt working with government entities in IT security, Phil Alexander, Information Security Officer at University Medical Center (UMC) Health System, certainly has a unique outlook on IT security in the healthcare sector.

Based on those experiences at the federal level and his one year at UMC, Alexander talked with HealthITSecurity.com about his current focuses and where he thinks healthcare IT security is headed. UMC Health System, which includes all its clinics in the local area, is the major regional provider in the West Texas area, so Alexander has a lot to keep track of.


What are you concentrating on security-wise at UMC at the moment?

When I got here, we were doing the typical basic cybersecurity and information assurance, nothing out of the ordinary. So I split my team into two: one dedicated to beefing up information assurance and the other being our computer security incident response team (CSIRT).

The CSIRT team does a lot of traffic monitoring, packet analysis and forensics. And then on the other side of the house we’re increasing user awareness training this year. I have a different philosophy on security awareness -- I know there’s been a lot of discussion on the subject and there have been two philosophies. There’s one that argues organizations will never teach the end user anything and the other that says it’s a must-have. The pendulum kind of swings back and forth on the topic, but I think we’ve made a mistake over the past 20-30 years in IT in that organizations have told users that the organization, not the users, will take care of security. That worked back in the mainframe days of the 1970s and 1980s where your information at work wasn’t available to you at home. That doesn’t work anymore because work and home devices now look very similar to each other, so we’ve never really taught some of those users proper security.

[...]
