Sunday, March 28, 2010

Securing systems dealing with sensitive information

I went through the executive summary of the audit report of a popular clinical information system in Canada, which assessed the security measures in place. The 10 recommendations the report makes are quite useful when implementing any access-controlled information system; they are not new, but rather well-known facts (need-to-know, defense-in-depth, leakage prevention, auditing, etc.) that are largely neglected in practice.
