Get this business strategy report, go to:

www.csoboard.com/Publications

We live in a global business climate where personal responsibility, ethics, and doing what is morally correct are undervalued and often a detriment to a person’s career mobility. I’m not saying every company or corporate culture rewards bad behavior—although I’ve seen some industries and organizations that do reward unethical behavior.  The truth lies somewhere closer to the reality that it is easier for people to look the other way and ignore bad behavior, even to the point of ignoring the personal responsibility for transparency and basic decency in all of our actions individually and collectively.

Fast forward to the information security or “cybersecurity” world we thrive in. Personally I’m saddened that the FTC would have to legislate what should be a basic tenet of being a business professional or in a position of trust as a blogger or celebrity. As working professionals in our respective career fields, there should never be a question as to where our moral compass is showing the way.  As a management consultant, technology executive, and security professional, one thing has always been clear in my mind—the value of personal ethics in all I do.  Have I made my share of mistakes in my career?  Absolutely. Have I learned from those mistakes?  Yes!  Remember that being an ethical person does not guarantee you will not make mistakes.

The information/cybersecurity industry is innovating at an unprecedented speed.  Industry and government regulations attempt to instill personal, cultural, and corporate responsibility. These well intentioned efforts will fail to accomplish their intent unless people take personal responsibility. 

One of the best lessons I’ve learned is that having clear personal responsibility and ethics your words and actions in the security profession is more important than all of the technical or formal knowledge you acquire in the security profession. Trust your moral compass.  Do what is correct, ethical, honest, transparent, and good for your clients, your organization, your community, and our world.

You may read the article "IT is a must" at BT Quarterly: http://www.btquarterly.com/?mc=it-must&page=sp-viewarticle.  Please note you will be required to register for free at BT Quarterly to read the article.

To download this report go to:

http://www.csoboard.com/Publications

The University of California, Berkeley, has setup a website http://datatheft.berkeley.edu/ informing the general public about a data security breach carried out by hackers who may have accessed a database at the university's campus health services center.

My thoughts...It is my hope, this incident will serve as a wake up call to healthcare organizations and educational institutions of the need for stronger information security management.  I've long believed that healthcare and educational institutions have a greater responsibility for the confidentiality, integrity, and availability of the personal information entrusted to them by their students, staff, and business partners. 

As a former Chief Information Security Officer (CISO) in healthcare, I know first hand the data security and privacy risks for that industry.The healthcare industry collects and processes more personal information on patients, than most financial institutions. For hackers seeking to steal personal information to be able to conduct financial fraud, healthcare organizations are easy targets, given the limited financial resources those organizations have devoted to protecting the personal information of patients, staff, and business partners. Healthcare organizations need to invest in more information security defenses and education for their staff.  Meeting an audit report for regulatory compliance is not sufficient and healthcare organizations must invest in information security as an integral part of their way of doing business.

The suspected hackers deleted the pharmacy records of 8 million patients in the state's databases and hijacked the PMP website with a $10 million dollar ransom note to return the data records.  The state is referring all inquiries to the U.S. FBI.

More news regarding this incident:

FBI Probes $10M Hacker-Ransom Claim in Virginia
http://www.cbsnews.com/stories/2009/05/05/tech/main4992372.shtml

Alleged hacker demands $10 mil for Va medical records
http://www.timesdispatch.com/rtd/news/local/article/HACKGAT05_20090504-212004/265693/

The SC Magazine 2009 Awards Gala event was held last night at the Hilton Hotel were the best awards that I've attended in recent years.  Despite the economic news we hear every day, you could tell from observing the companies attending, nominated, and honored are growing and providing solutions that customers are demanding.  This leads me to believe that the IT industry in general has at least one very large bright spot and that is IT security.

I won't pontificate on the merits of IT security solutions or the value of purchasing those solutions.  I'll let you be the judge of those solutions.  Here is the link for a the list of winners of the SC Magazine Awards 2009 -- http://www.scmagazineus.com/pages/section/945/

Thanks to SC Magazine, the judges, nominees, winners, and most importantly thanks to the customers and clients we in the IT security industry serve.  You, our customers in many industries have allowed us the privilege and honor of serving you with IT security solutions that protect your organizations from risks both on-line and offline.  Thank you for aallowing us to serve you, our customers.

The SF Chronicle article crystallized for me what I have been feeling as an information security professional, a feeling that today more than ever, cybersecurity has a real impact on our daily lives.  Unfortunately due to the current economic crisis, many organizations are being forced to scale back their Information Technology (IT) and information security budgets. 

Organizations should carefully consider their investments in light of current economic conditions and make wise investments in cybersecurity.  Prudent investments in cybersecurity will help to safeguard an organization's intellectual property, business transactions, and the data/information entrusted to them by their clients and business partners.

As I travel to the RSA Conference this week, I hope to interact with other information security professionals and colleagues and learn how they are helping their organizations by adding value and performance improvements to their organizations.

According to news reports, Yusuf Acar, the Information Systems Security Officer (ISSO) for the OCTO has been arrested by the FBI.

Yusuf Acar worked for Vivek Kundra, who recently left his role as Chief Technology Officer for the District of Columbia to become President Obama's nominee for Chief Information Officer for the Federal Government.

See more at:

Washington Post - Breaking: D.C. Tech Official Busted in Federal Bribery Sting  http://voices.washingtonpost.com/dc/2009/03/breaking_dc_tech_official_bust.html

Associated Press - FBI searches DC government office, arrests worker
http://www.google.com/hostednews/ap/article/ALeqM5hMT9GSjeFeuiRWPCUKflpfkvfw3QD96SIU584

ABC News - FBI Arrests DC Official
http://blogs.abcnews.com/politicalpunch/2009/03/fbi-arrests-dc.html

Fox News- Obama's Pick for Information Officer Raided by FBI
http://www.foxnews.com/politics/first100days/2009/03/12/obamas-pick-information-officer-raided-fbi/

As the drumbeat of negative economic updates seems to overwhelm our daily news cycles, we tend to forget that at the heart of any business engine is people.

Read the full article here:
http://www.scmagazineus.com/Leading-through-the-good-and-bad/article/128340/