Two things (or more?) come to mind after these latest news! After (thousands of) years of problems in security, the institutions still don't think the security as a vital business function? And, we only see large security problems - if large institutions have problems, how many smaller must(!) have even more, or do they? Might be interesting to know, is it just statistics (large incidents) or a tragedy (one person mishap)?
Anyway, with todays technology and capabilities, how it even can happen? At least I haven't seen any studies if it is executive branch laziness or incompetence, is it a middle management problem or what is the reason? After 30+ years dealing with IT (and other) security - it isn't technology (it never is!), it isn't skills to use technology (anyone can use the current tools and toys!), it definitely is not the cost (security saves and, done right, makes even other IT business less costly), so ?? And it can't be the lack of rules, regulations, laws, policies or standards - none of those are really needed to do the "right thing"! Besides we have a lot of those already.
This just before my morning coffee and lately talking / listening one (huge) company which tries to dance around the security issues with marketing and technology instead really having plans, architecture and designs!
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
The easiest...
way to prevent sensitive data from being stolen from laptops is to NOT HAVE SENSITIVE DATA ON LAPTOPS!!
Even more easier..
More effective - don't have sensitive data!
But in a way you are right. If the sensitive data is not literally(!) needed, why even to have it? We implemented, a long time ago, for application development, testing, QA, even statistics a method where you got he data, not the real one, but which had the same characteristics as the real one. It was generated from real data, let's say you need data for testing, run a job and you have a "real" environment, all the data is fake but has the same characteristics as the real one - the applications don't know and don't have to know the difference! The user, developer, QA person, statistician, etc doesn't know, should actually not care, because they are not interested of the data itself but the information how, what, when, where, etc.. A name is a name, a number is a number, a bit is a bit, etc as long as the information in data has the same characteristics, boundaries, behavior, etc as the original.
Now, sometimes you really, really need the real data and even in IT the final acceptance / production tests really need it because of depencies - there is no way to fake it all. Then it is the time to protect it in any methods available (most very old!) - methods don't change much even the technology does (tools and toys, gets easier day by day!)
Post new comment