Security Basics mailing list archives

Re: risk assessment - non electronic data

From: "Marc-André Laverdière" <marcandre.laverdiere () gmail com>
Date: Thu, 2 Oct 2008 06:30:11 -0400

You can learn from the way governments handle classified materials.
I'm not an expert, but some leaks lately give you a picture.

1) Serial number on each document, with a different number for each copy
2) Lock and key, and tight control on that
3) Register of who can have what in the office
4) Register of who can have what out of the office
5) Keep track of each document that enters or leaves the safe

Don't know more, but that's a start.

On Wed, Oct 1, 2008 at 10:20 AM,  <s0h0us () yahoo com> wrote:

Hello everyone,
I'm looking for some advice on performing information security risk assessments for non-electronic data (hardcopy 
instances of confidential information). I've going through the process of identifying confidential documents, and 
verifying that it is securely stored...anything else I should be doing?
thanks in advance




-- 
Marc-André LAVERDIÈRE
"Perseverance must finish its work so that you may be mature and
complete, not lacking anything." -James 1:4
mlaverd.theunixplace.com/blog

 /"\
 \ /    ASCII Ribbon Campaign
  X      against HTML e-mail
 / \

Current thread:

risk assessment - non electronic data s0h0us (Oct 01)
- Re: risk assessment - non electronic data Alexander Swensen (Oct 01)
- IPS Mattias Hemmmingsson (Oct 02)
  - Re: IPS Gleb Paharenko (Oct 14)
    - Re: IPS Adriel Desautels (Oct 14)
  - Re: IPS Javier Reyna Padilla (Oct 14)
- Re: risk assessment - non electronic data Marc-André Laverdière (Oct 02)
- <Possible follow-ups>
- Re: risk assessment - non electronic data martlaberge (Oct 01)