That's a common mistake consultants make (sometimes it's intentional). You must make the entity aware (awareness training), of the risks associated with things such as losing any data (risk assessment). Consultants should be vehicles that bring value the process, and operations of securing information. They should enhance this concept, and NEVER be the final decision maker.
1. First off who gives interns responsibility for backup tapes?
2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
3. If they did have a tape reader there is no indication that they have any intentions of using the information.
4. Shouldn't the data be encrypted?
2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
He probably tried pawning the tape, not even knowing what it was. If the pawn shop owner recognized the possible value, even if only for sale on ebay, the data could still be at risk.
Off site storage shoulda been something like a safe depost box or a some type of place that stores items. Things like these should never be in a persons home.
I hope they're planning on using something stronger this time than rot13.
I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.
I hope they're planning on using something stronger this time than rot13.
I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.
Yeah, they're probably better off leaving it on top of the TV in the interns apartment.
Ressurecting this thread to post about yet another vanishing tape containing 150,000 Social Security Numbers and Credit Card information for 650,000 people with accounts at retailers such as JC Penny:
In the past few months most of the data breach stories have been primarily related to back-up media that goes missing. Clearly those with malicious intent have learned something from reading the stories, but the people responsible for properly securing and transporting such data have not.
Comments
KG
You don't think letting an intern take the company's unencrypted tapes home is secure?
I don't know what's safer for the tapes, living them in his car, or on top of his tv when he remembered to bring them inside. lol
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
An intern reports to an intern, who reports to a $125/hour contactor consultant, who reports to a $200/hour contractor consultant...
I wonder what else is going on RIGHT NOW that is putting Ohio tax payers data at risk. This is probably just the tip of the iceberg.
2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
3. If they did have a tape reader there is no indication that they have any intentions of using the information.
4. Shouldn't the data be encrypted?
He probably tried pawning the tape, not even knowing what it was. If the pawn shop owner recognized the possible value, even if only for sale on ebay, the data could still be at risk.
Identity theft is a huge industry with ties to organized crime. If the 2-bit punk(s) pawned the tape to a pawn shop owner... see my note above.
Of course. This was just one of the dozens of mistakes made in this incident.
Anyone have a contact number for this department? I would love to hire on as the $200/hr guy.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9052304&taxonomyId=19&intsrc=kc_top
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.
Yeah, they're probably better off leaving it on top of the TV in the interns apartment.
http://hosted.ap.org/dynamic/stories/P/PENNEY_DATA_BREACH?SITE=CTDAN&SECTION=HOME&TEMPLATE=DEFAULT
In the past few months most of the data breach stories have been primarily related to back-up media that goes missing. Clearly those with malicious intent have learned something from reading the stories, but the people responsible for properly securing and transporting such data have not.