Recently I attended a gathering where a litigation lawyer was giving a presentation and made the statement, “The defendant’s information security officer did not have any type of security certification, such as a CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager), which demonstrated lack of qualification for her position, and negligence on the part of the hospital system that had hired her to fill that position.” (more…)