Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

C. J. Kelly

A Day in the Life of an Information Security Officer

Social Security numbers online? Not that uncommon.

7 comments

IT TOPICS:Security

I read this article and I just laughed out loud, even though this is not a laughing matter. This is more common than you think. Texas counties illegally posting Social Security numbers online, AG says. Our social security numbers have been compromised so many times that I vote for getting rid of them altogether.

In state and county government, there exists a myriad of public records and up until recently, these records contained social security numbers. Most states have passed laws that forbid the practice of using social security numbers on public records. I think the way this evolved, and I'm only guessing, there was a mad rush to make information available to the public. Agencies began putting information on their websites and security was an afterthought.

As the Information Security Officer of a state agency, I recently sat in a state wide security committee meeting and broached this very topic with the Chief Information Security Officer. I asked him when the state was going to audit all of its agency public websites for privacy violations. In our agency, we have been in process of pulling data off our public websites, rewriting applications, and safely securing data in backend databases (behind the firewalls) with encryption.

One of the problems in state government is that agencies are fairly autonomous and generally run their own websites. Most state agencies don't have security expertise on staff. It is incumbent upon the state level security team (if one exists) to manage the security of all external facing websites. It's a problem of resources and knowledge and it's a big problem. Privacy breach laws have been enacted in most states and the penalties are getting stiffer. It's no longer acceptable to ignore this problem.

Email this

Digg this

What People Are Saying

Add new comment

Okay, it may look like I'm

Submitted by C. J. Kelly on March 7, 2007 - 6:18 P.M.

Okay, it may look like I'm blogging on state time, but the time zone for my blogs is not the same time zone that I am in (and is changed randomly), and that is to protect my identity and my agency. I only blog and write on my own time. While you may see a post between 8am and 5pm, I may be blogging at 11pm or 5am.

For whatever it's worth. C.J.

Reply | Report this comment

Anonymous, One of these

Submitted by morph00 on March 7, 2007 - 3:15 P.M.

Anonymous,

One of these individuals that you so misalign, may be responsible for keeping YOUR SSN off the internet! Think about it. If the position is one of being responsible for computer security, and being knowledgeable of potential releases of critical personal data, I'd be reading articles like this. Apparently, your problem is you don't really care if your SSN is out there, available to some wonderfully crafty individual may use to make your life ruinous financially, otherwise you'd have shut your pie-hole and gave the writer some credit for taking an interest in possibly being of public service. Unless, it's because you desire for SSN's and other personal data to be publically posted so you may profita someone's expense. Or you are just ignorant?

Reply | Report this comment

Yes, you are abosutely

Submitted by Anonymous on March 9, 2007 - 2:32 P.M.

Yes, you are abosutely right. I never thought of it in that way--a savior of the SSNs. I see a lot of criticism by CJ of the state not wanting to spend a lot of money, yet she talks about her $8,000 training they provided, employees of the government being idiots (my husband was a Government employee and he went to Dartmouth and Harvard) how no one in her office can think without her proding them, so I thought I'd take a little swing of sorts. She can take a little criticism since she dishes it out so frequently. So WHO is being so misaligned?? Those employees who have no idea she speaks of them like they have no brains?? But I imagine they'd be greatful knowing she is a savior of sorts. It's all in fair play.

Reply | Report this comment

Anonymous, talk about

Submitted by Anonymous on March 6, 2007 - 12:43 P.M.

Anonymous,

talk about calling the kettle black! You, as a state employee, are complaining about C.J. taking time to write blogs (you claim on taxpayers time),while at the same time you're taking time to read and respond to them on taxpayers time!

Hypocrite!

Reply | Report this comment

Where in my response did I

Submitted by Anonymous on March 9, 2007 - 2:20 P.M.

Where in my response did I say I was an employee of the state. I am not a state employee, but I am a taxpayer.

Reply | Report this comment

As an employee of a state

Submitted by Anonymous on March 6, 2007 - 12:00 P.M.

As an employee of a state agency, I am sure the taxpayers are glad you spend your time blogging on their time.

Reply | Report this comment

Hey anonymous, Don't be so

Submitted by Fed_emp on March 6, 2007 - 12:25 P.M.

Hey anonymous,
Don't be so cynical. The writer of this article is doing a great service to the public by writing this. You strain at a miniscule amount of time taken to write a worthy article compared to the time this writing will save in helping against security breaches. Go take a happy pill dude.

Reply | Report this comment

Google Dashboard: Convenient, useful, but no big deal

Web filtering internationally, part 1: China

The fobbit

Unlock/jailbreak new iPhone 3G software with #blackra1n app

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

All White Papers | All Webcasts