People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
The Department of Veterans Affairs' effort to expand use of smart phones and tablets won't pick up speed until after it implements an enterprisewide mobile device management system to monitor the devices, says CIO Roger Baker.
"It's a crime like no other crime," says James Ratley, president of the ACFE, describing fraud. "There was not a gun involved, there was not a knife; there was in many cases a ballpoint pen or a computer."
The Privacy and Security Tiger Team, which advises federal healthcare regulators, likely will not meet again until after a batch of new regulations is released in the first quarter, says co-chair Deven McGraw.
"Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," NIST Computer Scientist Tim Grance says.
With the tardy addition of the Sutter Health breach, the federal "wall of shame" tally of major healthcare information breaches now includes 385 incidents affecting more than 19 million individuals since September 2009.