dcsimg

Data Breach: Who’s to Blame?

  • Data Breach: Who’s to Blame?-

    Finally, the IT department gets blamed for many things that really aren’t their fault – oftentimes it’s a result of them doing the best they can with the tools they have in place. If there’s no access request system in place for people to request access, then the majority of the time it’s up to IT to grant access to the end users. So in keeping with our example, a few months back, that end user called a buddy in IT with an urgent request for access to an application, “because they need to complete a report ASAP for the CEO and they can’t access the data they need.” The IT person now has the choice of either granting that access and getting the person off their back…or possibly being the reason given to the CEO as to why the report wasn’t completed. 

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

Data Breach: Who’s to Blame?

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
  • Data Breach: Who’s to Blame?-6

    Finally, the IT department gets blamed for many things that really aren’t their fault – oftentimes it’s a result of them doing the best they can with the tools they have in place. If there’s no access request system in place for people to request access, then the majority of the time it’s up to IT to grant access to the end users. So in keeping with our example, a few months back, that end user called a buddy in IT with an urgent request for access to an application, “because they need to complete a report ASAP for the CEO and they can’t access the data they need.” The IT person now has the choice of either granting that access and getting the person off their back…or possibly being the reason given to the CEO as to why the report wasn’t completed. 

Data breaches are reported all the time in the news - and often when a breach occurs, fingers are pointed at everyone from hackers, to CSOs, IT and even end users. So in looking at a typical breach, Jackson Shaw, senior director of product management at Quest Software, wanted to break down why the fingers get pointed at these particular people (aside from the hacker, as that’s generally an obvious target) and why they should each care about data governance. For simplicity, he’s going to break this down into three groups: The end user, the IT department, and the line of business manager, and he’ll use the case of financial data.