In the past, firms for which I’ve worked have had very small IT departments, if any at all. As an alternative, I would like to discuss some of the legal aspects of IT that came up in my CIO interview. For the CIO interview assignment, I spoke with John Henderson, a network administrator for the United States Social Security Administration.
Obviously, security is a massive issue for any government organization. In the case of the Social Security Administration, extremely personal information for every single United States citizen is at stake. In fact, according to John, Social Security is constantly struggling with decisions to digitize its information to improve efficiencies given the inherent security risks of having such information more widely accessible.
Aside from this obvious threat of identity theft, John really focused on more internal security threats. For John, the majority of his daily efforts are centered on maintaining Social Security’s massive worldwide intranet. Accordingly, within this network, email tends to be the primary aspect of IT from which legal issues arise.
Social Security works very closely with software developers such as Microsoft to develop email systems which very closely monitor the internal communication among its employees. This includes scanning files to check for viruses as they pass through the network, and also even monitors written email communication for specific words and phrases which indicate illegal internal activity. There is obviously a major legal issue with regard to these practices as the privacy of an individual’s communication comes into question. Of course, all government employees realize that their actions at work are highly transparent, and Social Security is rather open about its liberal use of this policy in order to deter illegal activity.
Additionally, Social Security constantly backs-up all of its data. This literally means that the agency makes a daily backup copy of the hard disk of every single workstation (hundreds of thousands of workstations) on its entire network. This allows the agency to always have a redundant copy in case of an IT disaster. Of course, this also allows the agency to monitor each individual’s work for internal security.
For Social Security, the importance of maintaining a secure network is astounding. There is really no telling how far-reaching the effects of any security breech to this agency could be. Not only could the identity of every U.S. citizen be compromised, but the daily operations of countless federal, state, and local government organizations as well as the operations of many private firms would be directly affected as well.
No comments:
Post a Comment