CSO - Throughout the year, in such articles as "Medical identity theft a rising and significant threat" and "Healthcare security needs a booster shot," CSOonline has documented many of the challenges the healthcare industry faces in trying to keep its customers' records secure and to run its business-technology systems within regulatory mandates. This week we've turned to security expert Gunnar Peterson, managing principal at Arctec Group, a consultancy based in Minneapolis, MN. Peterson specializes in distributed systems security for large, mission-critical systems in the financial, healthcare, manufacturing, and insurance industries, as well as for a number of start-ups. Peterson also blogs at 1raindrop and has a number of interesting thoughts on the special challenges of healthcare security.
CSO: How do you see healthcare data security as being different from securing other types of data and transactions from other industries?
Gunnar Peterson: I think that the health care industry has a number of challenges that make the security architect's job, the CSO's job -- in all cases except for one -- much more difficult than in financial services and most other industries. The one thing that's more difficult in financial services is that they have ongoing determined attacks through fraud and other types of financial attacks. That's been with banks long before there were computers. I would argue that almost every other aspect of security is more difficult in healthcare.
It starts with the transaction. One of the nice things that security architects have in the financial world is a very black and white transaction model. The money is in my account, or it's in your account, or it's in the holding company's account. There is no gray area about who's got the money at any given period of time, or where the risk is at any given time. Relatively speaking these transaction models are brutally simple, because lots of players have to sign up for them and there's lots of standardization. And people have been tweaking these models for a long time. When you start a job as a CISO at a financial services firm you are given a transaction model manual, and it's fairly straightforward.
If you compare that to medical records, to healthcare insurance, or other things in that space, there is almost no uniformity, no standardization in how many of these interactions work. On your very first day as a security architect at a healthcare company, or somebody dealing with medical records, you are going to get either no guidance on the transactions model or thousands of pages of Byzantine, non-uniform protocols, data formats, things that don't reconcile -- and then you are going to have to figure out a way to secure this. So, in financial services, you have a nicely layered lasagna and then you have an endless and endless amount of spaghetti with ten different kinds of sauce in the healthcare world.