Friday, April 13, 2007

A good "Friday the 13th" scare

Geoff Khol, of Security Info Watch, posted an interesting scenario on his blog today. Geoff, we have yet to meet in person, but I am a big fan of your work. We need more proactive people in this industry to keep us moving forward. Biometrics and analytics are great, but we absolutely need more discussion of policy and overall preventive measures from a "common sense" approach, especially in regard to identity theft.

For those who have not already, I encourage you to read the blog post. In short, Geoff describes a scenario in which a common laptop theft causes great financial pain to an organization. One point, which Geoff absolutely nails, is that despite new hard-drive protections and encryption, a host of sensitive data is still stored, or cached, on legacy systems. Laptops and PCs without strong protections depend on the organization and the user being cognizant of the threat they represent.

Policies for data distribution need to be put in place at the admin level. Databases should not be allowed to write or store sensitive information on networked PCs, where it becomes a liability. This can be achieved through proper network policies. A data center is much easier to secure than common-area office space.

Also, development "test" servers should host only fictitious or "junk" data that cannot be compromised. It is when we get lazy in our testing that we fail to create false data and instead use old copies of client information.

Finally, mobile workstations must be equipped with hard-drive protections. IBM offers a great product, as do several third-party software providers. Protection at the hard-drive level is the best security currently available for mobile units. It is not everything, but at least it's a start.

Great job, Geoff. We can always use a good scare on Friday the 13th.

My direct comments to Geoff:
Geoff, great narrative. These are the types of scenarios more CSOs, and perhaps more importantly CFOs, need to be thinking about. It has been said many times: "Security is only as good as the enforcement policies behind it."

No matter how well your optical turnstiles and door sense monitors work, if you don't enforce passback, the technology is meaningless. The same can be said for data security. The best bit-lockers and firewalls do nothing for the employee who is not reprimanded for taking sensitive data home on his laptop or for leaving his PC in an unsecured location.

Granted, there is only so much we can do to prevent data theft, but as a collective group of security professionals, we have not done nearly enough.
