Employees Place Patient Records on A Hosted Service. IT Training May Improve IT Security Awareness
by iClass - Wednesday, December 29, 2010
Leakage of such data may not only put information and financial security of customers at risk, but also adversely affect the reputation of the concerned organizations.
Recently, doctors at Veteran affairs hospital placed confidential patient data on a separate hosted service, without intimating the department of veteran affairs.
Lack of knowledge concerning the threats prevalent in the IT environment is one of the major reasons for security lapses by employees. As IT has become all-pervasive, hospital administrators may provide IT training to the hospital staff to acquaint them on the threats emanating in the cyberspace.
The documents were reportedly placed in a yahoo web service. Such unauthorized use of private cloud services violates the IT security policy. Cloud computing can be allowed by organizations in a regulated manner. Unregulated use of cloud services can put data security risk. Such practices also enhance the possibility of insider theft.
Organizations are also dealing with unsafe practices of employees such as use of personal emails to send confidential business information. Organizations must conduct regular security assessments and audits to identify the weaknesses and violation of IT security guidelines by employees. Government departments can encourage employees to undertake security certifications such as penetration testing training to gain technical know-how on methods used for exhaustive assessment of the IT infrastructure.
IT security specialists can also benefit from distance learning programs offered by security certification providers to individuals who cannot attend live classes.
Organizations must also implement security measures such access control to privileged databases and regular monitoring of employee logs to streamline information security. The rapidly changing security environment has made it inevitable for organizations to give high emphasis to IT security.
EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. “Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation” as stated by EC-Council’s Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
6330 Riverside Plaza Ln NW
Albuquerque, NM 87120
Keywords: penetration testing training, distance learning, cloud computing, information security, IT training
Read More Press Releases
Get press releases by email