Comments on grand stream dreams: Laptop Information (in)Security

Anonymous, 2006-06-29T21:27:00.000-05:00

I kinda get more brevity in some of these things.... :)

I completely agree with what you state about security measures matching the value.

I'm mostly soapboxing about the mindset/attitudes of (data) security in general--then trying to add a few positive points to the mix. That we (as a collective/national whole) need to be more sensitive to sensitive data--be it at home or in the workplace.

All too often I come across individuals and groups--both in upper management and the end-users--who express a careless attitude about the value of the data they are entrusted with. I take it personally as I work at a goberment agency and (being the type of guy I am) take it personally as a matter of public accountability and duty. Unfortunately, many don't, which is why these data-loss events embarrass me.

Data "thieves" go after stuff for lots of reasons: the glory of hacking the challenging target (for bragging rights), for financial gain, for curiosity, for espionage, blackmail; heck, sometimes the opportunity just presents itself and it is just stumbled upon. Remember "War Games?" The kid-character was just auto-dialing for fun and stumbled into that system. I know that is just a movie, but an Agency or Corporation might spend millions a year in external security, but if they let me walk into their offices as a guest, don't have a policy on locking down their PCs and I happen to plug my thumb-drive into an unattended PC while the user is getting me a cup of coffee--who knows what mischief I could walk out the door with, or load onto their system.

I do see the G-Men got their laptop/drive back. They seem convinced that the data wasn't accessed. I hope they can also tell if the drive(s) were imaged or not.....probably not.

Like my bro. posted above, maybe we need to discover a new security paradigm. Where can we effectively maximize protection--knowing human nature like we do...in the gatekeepers and their systems or in the gates themselves? Or are we all responsible to step up and use the gates we have already designed and take our turn on the guard-watch.

It all starts with awareness of the problem.

Anonymous, 2006-06-29T20:44:00.000-05:00

I have only skimmed this long write-up, but I believe there's an important principle missing: that of matching your security measures to the value of your data. If you're protecting a $10 million trade secret, your security has to be stronger than if you're just protecting a list of blog passwords or a credit card number. This is something that Bruce Schneier wrote about in one of his recent books: if the cost of breaking your security exceeds the cost of the data being protected, then you're relatively safe. However, if the cost of breaking your security FAR exceeds the cost of the data you're protecting, then you're probably spending too much time, money, and/or effort on your security.

Anonymous, 2006-06-26T21:08:00.000-05:00

I may be a little off base here...but it seems this issue requires a new paradigm. On one hand, we can continue to rely on those with access to information (read as 80% of the working population) to follow the rules and be disciplined in their use of tech/dbs. On the other hand, we can challenge those with the tech-savvy to propose a new model. IMHO someone has to get WAY outside the box and propose a new model. Ideas?

- digger