Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, July 23, 2007

Identity Management and the Human Factor

This last case of “identity misuse/theft” (source: Fidelity employee steals 2.3 million consumer records) illustrates yet again how the “human factor” plays a key role in all aspects involving identity and privacy management – and how the key issues are in the “back-end” of organisations.
Apparently “security” was in place and it was enforced (the employee had a role that justified access to the customer data). So in the end it is a matter of misplaced trust in the employee and abuse of his role …
However, shouldn’t an upfront risk analysis (done at the business level) have highlighted how critical this “role” was, identified the risks associated with this “customer data repository” – and hopefully suggested control points and mitigation factors (see also my recent post on Business-driven Identity Management …)?
I also wonder if any identity management technology or solution could have been of any help at (least at) detecting (in time) what was going on and/or stopping/minimizing this fraudulent act …
