What's your worst nightmare on the job?
The responsibility and accountability to the safety of KP members and patients. As the dependence upon IT systems through decision support and knowledge management has increased within the healthcare industry, so has the need for continuous availability and absolute data integrity from an information risk management perspective.
What annoys you?
There is the compliance dimension, the technical operations dimension, and then the information risk management dimension. Unfortunately, the focus is entirely on either compliance or technical operations because of regulatory requirements and viruses and breaches. The only way to leverage an information security program is to make risk management a foundation of an organization's culture and governance process.
What would you like to do?
I would rename this industry Enterprise Risk Management (ERM). Information security would remain the technical operations point, information protections would become the compliance point with information risk management at the tip. Then I would focus on information risk management to balance ERM. I would converge all regulatory requirements into a single set to simplify and improve overall compliance.
SKILLS IN DEMAND:
A recent study ranks identity and access management first in EMEA and second in the Americas and Asia/Pacific, where wireless security tops the list.
Identity management budgets
64 percent of U.S. companies surveyed are funding digital identity/rights management in 2006. They've increased such spending by nearly six percent this year over last.
Auditing is getting even hotter, plus LDAP, Active Directory services, biometrics and multi-factor authentication. Coming: privacy management and vendor management skills to force trust relationships.