A hospital decided to use cloud computing for processing and storage to save costs. After several months, it was discovered that the cloud provider’s storage facilities were compromised and patient information was stolen. The hospital maintained that the cloud provider should be punished and fined for the breach, while the provider responded that it was still the hospital’s responsibility under HIPAA to secure patient information and the hospital was ultimately responsible.
Who do you think should be responsible: the cloud provider or the hospital? If the cloud provider is responsible, then should software companies like Microsoft be held liable for a vulnerability in their software that results in a data breach on a Microsoft server in a LAN? Where does the user's responsibility end and the vendor's begin?
Risk management in Information Security today
Every day, information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading. In this session, we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...