Security Basics mailing list archives
Re: Physical Security & Protecting Information
From: discipulus <discipulus () attbi com>
Date: Mon, 17 Mar 2003 06:05:46 -0700
I wish to thank you all for your informative responses. It doesn't appear that there is any easy way to effectively police something like this but like a lot of vulnerabilities, the goal isn't to eliminate but to minimize by making it extremely difficult for someone to exploit. In a world where worms/viruses and external attacks garner most of the attention, I feel that an equal amount should focus on the protection of information through implementation and use of good physical security policy and procedures. I also think that one key strategy is education and involvement at all levels through the use of an effective security awareness program. Thanks again.. -D On Wednesday 12 March 2003 08:13 pm, discipulus scribbled:
Hi, I've read a lot of posts on this list and others and a good deal of security related articles on this site and others like http://www.sans.org and http://www.cert.org Most of what I have read focuses on network and/or computer security but I haven't found very much information that focuses on physical security, specifically in the area of protecting confidential proprietary company information. Here's a scenerio that should clarify what I'm trying to explain: Bob who works as a developer for StealOurStuff inc. tells Mary in the next cube that he's had a job offer from a competitor, plans to quit soon but hasn't told anybody. In the afternoon the following day, Mary notices Bob loading up a box with CDs, floppies and other media, including reams of documentation. She also notices Bob loading this box into the trunk of his car at the end of the day. What can be done to keep this type of potential compromise from happening? From my perspective, even if you have armed security guards that check bags & boxes going in and out of a building, people can still find creative or not so creative ways to get it out. A standard CD isn't that big and flash cards are even smaller. Are there ways to keep someone from getting the information in the first place or at least record what they've obtained? How do you do this when they haven't yet provided notice they are leaving and still have access to loads of confidential information? I've read about corporate espionage cases where a perpetrator at one company busts into the network of another company and stumbles into a directory named "Proposals" of all things but employees who walk out the front doors carrying protected information seems just as damaging or more so to me. Any insight would be appreciated. Thanks
Current thread:
- Physical Security & Protecting Information discipulus (Mar 13)
- Re: Physical Security & Protecting Information Philip Storry (Mar 17)
- Re: Physical Security & Protecting Information ullmic (Mar 18)
- Re: Physical Security & Protecting Information Lists (Mar 18)
- Re: Physical Security & Protecting Information Mike Dresser (Mar 18)
- RE: Physical Security & Protecting Information Duston Sickler (Mar 19)
- Re: Physical Security & Protecting Information ullmic (Mar 18)
- Re: Physical Security & Protecting Information Todd (Mar 17)
- Re: Physical Security & Protecting Information discipulus (Mar 17)
- RE: Physical Security & Protecting Information Filip Maertens (Mar 17)
- Re: Physical Security & Protecting Information discipulus (Mar 17)
- Re: Physical Security & Protecting Information pablo gietz (Mar 19)
- <Possible follow-ups>
- Re: Physical Security & Protecting Information A B (Mar 17)
- RE: Physical Security & Protecting Information Mike Heitz (Mar 17)
- Re: Physical Security & Protecting Information ullmic (Mar 20)
- Re: Physical Security & Protecting Information Philip Storry (Mar 17)