A friend forwarded an interesting article to me yesterday. It was posted on the BBC News web site reporting "Up to 1.7m people’s data missing." Of particular note in this article:
"EDS assesses that it is unlikely that the device was encrypted because it was stored within a secure site that exceeded the standards necessary for restricted information."
I read an interesting article in the latest SANS Ouch, Vol. 5 No. 10. It points out the results of a couple of surveys done by McAfee which show that many of the 378 computer users interviewed by phone were undereducated when it comes to recognizing the threats the Internet poses to their computers and to their personal privacy. Go take a look at the article and follow the links to the full report.
I attended a presentation last week and heard the phrase, "The server is secure. It has a password."
Never mind that I was at a security meeting. What hits me is that simple phrase being used. But then, why should I be surprised?
I figured it would only be a matter of time before something would pop up dealing with information security and VP nominee Governor Palin. The news is all over the Internet by now.
If anything, this should be used as a wake-up call for any and all businesses. What is the call? Don’t permit web-based email to be used from within the company or from company resources. Even in Palin’s case, it shows some general dialog between Palin and others in the Alaskan government. Additionally, information and pictures of her family were posted on the Internet.
Disaster recovery planning is something most people don’t enjoy doing. I know I don’t. For most of the DR planning I’ve done outside of the military, I have found the process to be a waste of time. Why, you ask?
Because after the planning is over and the document changes are finalized, the business is ready to move on to something more important. They are operating in the now and believe DR is something we will never have to use…hopefully. Cross your fingers as it were. I mean, after all, the document is done and the check mark can be placed in the box for those needing to know if we have a DR plan.
It’s been a while longer than I like to admit since my last post. I suspect I’ve fallen victim, like many others, to staying up late at night to watch the Olympics. I’ve enjoyed them more this year for some reason than in years past. Maybe I have a greater appreciation for the amount of work it takes these athletes to prepare for competition. And it’s heartbreaking when they make a mistake and know it. They continue on even when they recognize their dream of medals is over.
Here’s an example of borderless, worldwide crime. Remember the TJ Maxx data breach? More details are coming out. A couple of details it brings to the top:
1. Location, location, location. Meaningless with digital crime. Worldwide reach is possible, right into your backyard.
2. Wireless is a threat. Configure it properly. When done right it can work. Haphazardly…watch out.
Be smart, people…from the Mom and Pop shops all the way up to the huge corporations. It doesn’t matter. Secure it.
When do politics come into play with regard to good security? And will politics be a contributor or detractor to information security?
These are two important questions I’ve encountered over my career. The answers can be rather nebulous and will differ from organization to organization. The short answer is yes…to a point.
I haven’t posted in a couple of weeks. But this little incident was enough to get me back in the saddle real quick. I am working on a couple of other posts which will appear soon.
This incident ongoing in San Francisco is an excellent example for employing "checks and balances." There should never be a situation where one person holds the only set of keys to the data. Never. What should happen then?
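The "no single keyholder" principle above can be enforced mechanically rather than left to policy. The following is an added example, not code from the original post: it splits one privileged credential into shares with Shamir secret sharing so that any three of five administrators can reconstruct it together, while one or two administrators learn nothing. The credential value, the 3-of-5 threshold, and the administrator names are assumptions constructed for the illustration.

```python
"""Added example: split one privileged credential so that no single administrator
holds the only copy (Shamir secret sharing over a prime field).

Not code from the original post. The credential string, the 3-of-5 threshold
and the administrator names are constructed for this illustration.
"""
import secrets

# Field modulus: a prime larger than any secret we intend to split.
PRIME = 2**255 - 19


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x (Horner's rule) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, shares: int):
    """Return `shares` points (x, y). Any `threshold` of them recover the secret;
    fewer reveal nothing about it beyond its maximum length."""
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field; split it into chunks")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_int(points):
    """Lagrange-interpolate the polynomial through `points` and evaluate it at x=0."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    acc = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        acc = (acc + yi * num * pow(den, -1, PRIME)) % PRIME
    return acc


def recover_secret(points, secret_len: int) -> bytes:
    """Reassemble the credential bytes from at least `threshold` distinct shares."""
    return recover_int(points).to_bytes(secret_len, "big")


def distribute(secret: bytes, admins, threshold: int):
    """Hand one share to each named administrator (names are constructed)."""
    return dict(zip(admins, split_secret(secret, threshold, len(admins))))


if __name__ == "__main__":
    credential = b"core-router-enable-secret"  # constructed sample value
    admins = ["alice", "bob", "carol", "dave", "erin"]  # constructed names
    held = distribute(credential, admins, threshold=3)
    # Any three of the five can recover it; two cannot.
    three = [held[a] for a in ("bob", "dave", "erin")]
    print(recover_secret(three, len(credential)))
    two = [held[a] for a in ("alice", "carol")]
    print(recover_int(two) == int.from_bytes(credential, "big"))
```

The shares, not the credential, are what each administrator stores; the credential only ever exists in memory on the machine where a quorum reassembles it. Choosing the threshold above one is the point: a single departing or uncooperative administrator cannot lock everyone else out, and a single leaked share cannot be used alone.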
People always seem to be afraid of Big Brother. They don’t like to be watched or have the feeling they are being watched. I don’t blame them. What is interesting to me is how some supervisors and managers want to rely on it when it might suit their needs.
It amazes me how many times I’ve had to turn down requests from these "leaders" attempting to use Big Brother as a management tool. I’ve heard the whole list of explanations: