Bob Bragdon says politics shouldn't dictate government privacy policies.

In my travels, I get a unique glimpse into how security is approached by various vertical markets and industries, as well as by all levels of government and its assorted agencies. Some impress me with their forward thinking, while others just don’t seem to be getting the message.

When it comes to government, what is that message? It’s that security is no longer optional. As our governments, they are in possession of the most private and sensitive information about us: financial, medical, criminal and so on. It’s no longer acceptable to take shortcuts in protecting the data we entrust to them. Unfortunately, they don’t all seem to be getting that message very clearly.

In some states, such as Washington, Oregon and even California, with its significant financial challenges, elected officials have made information security a priority. As in the private sector, they have come to understand the risks a cyberattack poses to both their own reputations and the safety of their customers (in this case, the taxpayers and voters). In these states, the role of the information security officer is critical and we see ISOs at all levels of state and local government.

In other states—Pennsylvania, for example—we see IT and IT security budgets being cut over the past several years, and a clear message being sent that security must give way to the larger bureaucracy of state government. Just a few weeks ago, Pennsylvania dismissed its CISO, allegedly for talking about a data breach at RSA without prior authorization. Sounds a little convenient for me. Politics at play. (See "Maley: How the Firing Really Went Down" and Ira Winkler’s "Sometimes You Should Just Keep Quiet" for two different views of that story.)

It’s really not that different from what we see in many private businesses. The CEO either gets security or doesn’t get it.
In the private sector, the CEO is sometimes taking a calculated risk, and we in business understand that. Greater risk can lead to greater rewards. But I really doubt that Governor Ed Rendell is taking an educated risk. I say this because when it comes to government and the management of its citizens’ data, the same risk equations do not apply. You either protect the data or you do not, and accept the consequences of the breach that will inevitably occur if you choose the latter. I guess that makes it a political equation.

As for me, I don’t want political equations deciding the fate of my most sensitive, personal information. I just wish all our government officials understood risk like we do in the private sector. What do you think?