Auditor Loses Data on Thousands of McAfee Employees

This is one of endless examples of people “loosing” information ….

Unencrypted disk containing sensitive information left on airplane seat.


[Via PCWorld.com – Latest News Stories]

Peter de Haas
Peter de Haas

Peter is gedreven door de eindeloze mogelijkheden die technologische vooruitgang biedt. Met een scherp oog voor het herkennen van oplossingen waar anderen slechts problemen zien, is hij een expert in digitale transformaties. Peter zet zich met volle overgave in om individuen, teams en organisaties te begeleiden bij het ontwikkelen van nieuwe vaardigheden en het implementeren van innovatieve oplossingen.

Artikelen: 3817

5 reacties

  1. I guess they should have been using Lotus Notes, and he could have had a local enrcrypted database with the information, instead of CD. Guess we need to make a phone call… 🙂

  2. Alan,
    Ofcourse that is an option but I think a rather expensive one if Lotus Notes is not your standard platform.
    Furhermore what happens to the file / document when it is taken from the database and for example emailed, or put on a memorystick ?
    Microsoft’s Rights Management Services takes care of that : http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
    It secures your information regardless of the applications / means you store it. This would work great also for Lotus Notes users 😉

  3. Local Notes Encryption is done at the file level, so it is persistent no matter what media it’s on. Basically, the file is locked using Public Key Encryptionand can only be unlocked by having access to the ID that locked it. There’s no way around it that I know of. You can take the file to a different operating system and you still wouldn’t be able to access it without access to the ID. And since it’s part of Notes, there is nothing additional that needs to be administered or installed for the user to work with it.
    Starting in Notes 6, administrators are able to set a policy to force local replicas to be encrypted by default so the user’s don’t have to remember to do it. I can’t think of an easier way to handle sensitive information.
    Sean—

  4. “a rather expensive one”… oh please…
    http://www.microsoft.com/windowsserver2003/techinfo/overview/rmsoverview.mspx
    To use RMS, organizations need the following licenses:
    – Windows Server 2003 or Windows Server 2003 R2 Server License
    – Windows Server 2003 Client Access Licenses (Windows Server CALs
    – Windows Rights Management Services Client Access Licenses (RMS CALs)
    – In addition, organizations have the option to acquire an RMS External Connector (EC) license
    – At the server level, RMS relies on Windows Server Active Directory® directory service (Windows Server 2000 or later) and a database such as Microsoft SQL Server™ to store configuration data. Both are required to implement RMS.
    – For creating or viewing rights-protected Microsoft Office documents, spreadsheets, presentations, and e-mail messages, Microsoft Office 2003 Professional Edition is required.
    Enough said…

  5. Alan,
    Expensive is meant in contaxt to the fact that if you don’t have Lotus Notes Domino it is not an option 🙂
    Furthermore the list of requirements you have kindly provided also show products that are not exclusive for RMS; they are part of the standard infrastructure for many organisations.
    Expensive in this context should also be seen in the light of why organisations would deploy such a solution. This ofcourse is partly explained by my blogpost. There have been many incidents like this one and these organisation would have wished they had made an investment in such solutions …

Reacties zijn gesloten.