I went to the doctor’s recently. Didn’t expect to come across a security issue during my consultation, but…
I entered the consulting room, sat down, and we started to chat, and then the phone went.
The doctor informed me:
“My colleague needs my assistance, I will be back in one minute”
So there I was, all on my own in the consulting room, and I gazed at his PC.
- He was logged in
- No screen lock
- Various medical applications logged in
- His smart card still in the reader
So I had the perfect opportunity to:
- Browse any of his patients’ health records
- Modify, and digitally sign the records
- Delete stuff
A few days later, curious about the issue, I relayed the story to a trusted health professional. The reply was not quite what I expected:
“I suspect most people would act in the same way. If you take the smart card out, and have to log back in again, it takes too long.”
This once again shows the complexity of the People / Process / Technology triad. What seems at first sight a people failure transpires to be a technology failure causing an adverse people reaction.
What security failures have you seen recently, and what has been the cause? Please leave your comments below.
There certainly is a technology problem there, though I suspect the human problem would not just go away if you fixed it…
Pulling out the smart card should lock the screen and the applications. Putting it back in should re-enable them all instantly. Should not be that hard to do. In fact, Sun did better than that years ago with the desktop that followed you around: *wherever* you plugged in the smart card, your own desktop would appear within a couple of seconds. No data or state was ever held in the desktop hardware, so much easier to control the security too.