I was reading today an article on ZDNet about how the state of how Maryland state security sloppiness exposes personal data. The article by Larry Selzer shows how, to quote him:
“Mustering all necessary resources” in this case means “cutting corners.”
This shows the dangers of lack of resources – time, expertise, money – that can point you in the direction of danger if you are not careful. One would think that if you are collecting drivers’ license numbers, social security numbers, addresses and other personally identifiable information you would carefully think about the implications of not having the information secure.
At first I was thinking that – hopefully – someone writing the solution was security-minded enough to raise the risk to management but then I realized that if this was indeed the case the problem is actually much worse: Either senior people did not recognize the issue or, worse yet again, they did not care about it. (I always think about these issues as “ignorance versus incompetence”.) Hopefully, there will be more digging into the issue to find out where the problem actually exists. Being an IT professional with security being one of my hats I find this troubling…
Here is a screen capture – the site is no longer publicly-accessible, thankfully, from ZDNet: