Communication about the perils of taking inappropriate risk – and how to accept or not accept IT risk in government – is seriously lacking these days. There is clearly a link missing in the chain that connects government business managers with matters of importance such as IT risk.

Take for instance, the Utah data breach and all of the “lessons learned” that have been discussed since following a data breach that exposed the health data of 500,000 people and social security numbers of 280,000 Utah Medicaid recipients. The incident, which took place earlier this year, led the executive director of Utah’s Department of Technology Services to resign in May. Keep reading →