Hosting Provided By

Re: Physical Security & Protecting Information

From: A B <hadavidi(at)yahoo.com>
Date: Fri Mar 14 2003 - 14:14:22 EST

('binary' encoding is not supported, stored as-is)
In-Reply-To: <200303122013.44431.discipulus@attbi.com>

While it is hard (if not impossible) to stop such thefts, a lot depends on your threat analysis and risk assessment. It is not clear from your mail about the industry you are in and what your mangement's prespectives are regarding this issue. A lot also depends on the premium the managment is ready to put for your information. In my organization, some of the departments have removed floppy drives/No CD-RW/No Zip Drives from their systems. They also have a clear policy that requires the employees to get appropriate permissions before attaching any external storage devices. So any violation of this policy is subject to disciplinary action. Of course, alternate arrangements have to be made to ensure that work flow is not impeded. Does this stop incidents such as those described in your mail. Definitely not. But it goes a long way in raising the bar and if you are liable for the information you hold, well the due diligence will definitely save you in the court of law.

My .01 cent

Cheers

>Received: (qmail 22594 invoked from network); 13 Mar 2003 23:50:54 -0000
>Received: from outgoing3.securityfocus.com (205.206.231.27)
[205.206.231.19])
> by outgoing3.securityfocus.com (Postfix) with QMQP
> id DDD33A30B8; Thu, 13 Mar 2003 16:52:08 -0700 (MST)
>Mailing-List: contact security-basics-help@securityfocus.com; run by
ezmlm
>Precedence: bulk
>List-Id: <security-basics.list-id.securityfocus.com>
>List-Post: <mailto:security-basics@securityfocus.com>
>List-Help: <mailto:security-basics-help@securityfocus.com>
>List-Unsubscribe: <mailto:security-basics-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:security-basics-subscribe@securityfocus.com>
>Delivered-To: mailing list security-basics@securityfocus.com
>Delivered-To: moderator for security-basics@securityfocus.com
>Received: (qmail 25527 invoked from network); 13 Mar 2003 03:04:39 -0000
>Content-Type: text/plain;
> charset="us-ascii"
>From: discipulus <discipulus@attbi.com>
>To: security-basics@securityfocus.com
>Subject: Physical Security & Protecting Information
>Date: Wed, 12 Mar 2003 20:13:44 -0700
http://www.sans.or=
>g=20
>and http://www.cert.org Most of what I have read focuses on network=20
that=20
>focuses on physical security, specifically in the area of protecting=20
day,=20
>Mary notices Bob loading up a box with CDs, floppies and other media,=20
Received on Mon Mar 17 12:52:12 2003

This message: [ Message body ]
Next message: ladhanikarim(at)yahoo.com: "Re: Home users with VPN connections"
Previous message: Sullivan, Glenn: "RE: Critical/Security Updates as well as other Patch Management"
In reply to discipulus: "Physical Security & Protecting Information"
Next in thread: discipulus: "Re: Physical Security & Protecting Information"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:55 EDT