a CIO correct this issue? It hinges on selling to your superiors that the cost of protecting stored information is more valuable than the potential losses. The above stat is just from one successful attack, and most sites endure multiple attacks a year. By providing information on money lost versus money spent, a CIO should be able to make tremendous strides on information protection strategies and systems.
其次是保护和升级现有保护系统的支出。有趣的事实是,“普通医院的网络攻击成本为350万美元,但根据HIMSS的一项调查,46%的医院每年在网络安全方面的支出不到50万美元。”这是一个巨大的担忧。那么,首席信息官应该如何纠正这个问题呢?这取决于向上级推销保护存储信息的成本比潜在损失更有价值。以上数据仅来自一次成功的攻击,大多数网站每年都会遭受多次攻击。通过提供有关资金损失与支出的信息,首席信息官应该能够在信息保护战略和系统方面取得巨大进步。
Next is guarding against self-inflicted breaches of security. This can take shape in many formats. Be it ignorance, accidental, or completely intended, this may be the biggest threat a CIO faces. To guard against ignorance and accidental releases employees must be trained through formal training channels. Training should include initial and refresher training throughout the employee’s time with the company. Then, to correct the completely intended, “Identify all privileged accounts and credentials [and] immediately terminate those that are no longer in use,” then, “closely monitor, control and manage privileged credentials to prevent exploitation.” (Schiff, 2015) Lastly, indicators or alarms should be employed to notify CIOs and their staff when the possibility of a potential release or theft has occurred. This may prevent information being disseminated by alerting the right people, and being able to curb any unintended release of information before leaving the facility or hitting the internet.
其次是防范自身造成的安全漏洞。这可以有多种形式。无论是无知、偶然还是完全有意,这都可能是首席信息官面临的最大威胁。为了防止无知和意外释放,必须通过正式培训渠道对员工进行培训。培训应包括员工在公司期间的初始培训和进修培训。然后,为了纠正完全意图,“识别所有特权帐户和凭据[并]立即终止那些不再使用的帐户和凭据”,然后,“密切监控、控制和管理特权凭据,以防止被利用。”最后,当潜在的泄密或盗窃发生时,应使用指示器或警报器通知首席信息官及其员工。这可以通过提醒合适的人来防止信息的传播,并能够在离开设施或上网之前遏制任何意外的信息发布。
Finally, CIOs must ensure company policies are in place to prevent releases of information and keep employees informed. The programs that are established within a company will directly affect how employees put practices into place. If a company’s policies are weak, so too will be their practices. The opposite is also true. Companies who have strong policies in place probably house employees who adhere to the correct way of doing business. When consumers are surveyed, “80 percent say they are more likely to purchase from consumer product companies that they believe protect their personal information. Furthermore, 70 percent of consumers would be more likely to buy from a consumer product company that was verified by a third party as having the highest standards of data privacy and security.” (Conroy, Narula, Milano, & Singhal, 2014) This speaks volumes to ensuring strong policies are in place so a CIO’s company can compete at a higher level in their given industry.
最后,本篇留学生作业提出首席信息官必须确保公司政策到位,以防止信息泄露,并让员工随时了解情况。公司内部制定的计划将直接影响员工如何实施实践。如果一家公司的政策软弱,他们的做法也会软弱。反之亦然。制定了强有力政策的公司可能会雇佣坚持正确经营方式的员工。当消费者接受调查时,“80%的人表示,他们更有可能从他们认为可以保护个人信息的消费品公司购买。此外,70%的消费者更有可能从第三方验证为具有最高数据隐私和安全标准的消费品公司购买。“这充分说明了要确保强有力的政策到位,使首席信息官的公司能够在其特定行业中在更高的水平上竞争。
As you can see, CIO’s have varying responsibilities in regards to keeping customer information private and out of range of those that wish to steal it. The first responsibility is encrypting to protect information from being easily viewed and distributed. The next is spending to protect and upgrade current protection systems, because most of the current infrastructure isn’t up-to-date and spending is far behind. The third, guarding against self-inflicted breaches to keep consumers safe and keep their business as secure as possible internally. Lastly, ensuring company policies are in place so there is understanding on what is considered protected and how to keep protected data from being stolen. While these four things aren’t all inclusive, they are the basis from which CIO’s can keep customer privacy from being illegally taken. After all, d
