- Protecting yourself from a new online scam
- Diary of a deliberately spammed housewife
- Silly Internet traditions: A concise history
- How to avoid laptop loss at the airport
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
 |
While rapid-fire cost-savings and consolidation efforts typically dominate an IT executive's annual to-do list, what's getting the green light this year are multiphase projects that protect organizations from regulatory fallout and data leakage.
At the California Department of Health Care Services (DHCS), for example, increased federal mandates and heightened media attention have led to a focus on projects that prevent data loss, says Christy Quinlan, CIO at the Sacramento agency.
"I know that whatever we spend on projects to secure data would be a whole lot cheaper than having to deal with even one leak," she says.
IT executives in a cross-section of industries, including government, education and the private sector, share the sentiment. In fact, three specific project areas – privacy, enterprise rights management and data center automation – are all getting the go-ahead because they can enable better data protection.
Since she took office as CIO in 2005, Quinlan has had a laser-like focus on improving the systems at the DHCS, a 2007 Enterprise All-Star Award honorable mention designee. She describes herself as a doer, not a talker, and doesn’t understand why implementing new technologies takes some IT teams so long. Being a doer served her well earlier this year when the U.S. Social Security Administration (SSA) notified her team that its main system, Medi-Cal, was in violation of the Health Insurance Portability and Accountability Act regulations.
The mainframe-based application lacked the ability to prove that only need-to-know personnel were gaining access to private patient information, the SSA said. More than 70,000 workers in 58 counties use Medi-Cal to access Medicare and Medicaid claims.
To come into compliance, Quinlan needed to install role-based access privileges coupled with auditable time-stamping. "The SSA said we only had a short time to fix the problem or it was going to deny us access to its network," she says. The DHCS had no time to rewrite the Medi-Cal application code itself or to do any major system changes.
Instead, the agency opted to tack IBM's Resource Access Control Facility (RACF) onto the mainframe to manage and log role-based permissions atop the Medi-Cal system’s own basic built-in privileges. Now Quinlan can set multilevel security policies based on users and the types of files they are trying to access. "This depth of tracking allows us to create a full audit trail," she says.
looking for a sugar daddy with a 12inch cock? well im him baby. check me out here. Most of my pics and...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment