funsec mailing list archives
Re: [privacy] 26 IRS Tapes Missing in Kansas City
From: Shyaam <shyaam () gmail com>
Date: Mon, 22 Jan 2007 15:45:33 -0500
Thanks a lot for listing, Mr. Valdis. I really did not think of these cases when listing. I am lacking in looking at every aspect. My knowledge is limited, but I really do understand the different ways to look into things from different angles, from your response. Well, yes, it is always a trade-off and nothing has a perfect answer in such scenarios. I wouldn't agree that I gave the "best" list after seeing your response that had scenarios that I did not even consider :-). Thanks a lot once again.

Kind Regards,
Shyaam

On 1/22/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Sat, 20 Jan 2007 21:06:57 EST, Shyaam said:

> forensics". So best is to avoid people storing CONFIDENTIAL data on portable
> devices no matter what their security clearance level is. The other best
> thing is to always track data that goes in and out of the network. The
> next is to not let people whom you don't know into the building
> itself (perimeter) and to restrict people from moving from one department
> floor to the other or something of that sort (perimeter protection). Can't
> these be simple for people to take action on?

The problem is that it's all about *tradeoffs* - yes, you've enumerated the "best" way to do all that stuff. The problem is that in trying to *enforce* that, you end up hitting all these corner cases where implementing proper security gets in the way of actually getting work done.

For instance - security-wise, it would be "best" if the files that Social Services has on their clients stay on the central servers. However, what do you do if you have a case worker that makes house calls, and having the files on a laptop where they can reference them while at the site would make things a lot easier? What do you do if you have a valued employee who has legitimate reasons to telecommute? And so on, in a twisty little maze of corner cases, all different....

And it gets worse - that social worker doesn't understand computer security, and they don't want to. They have a Master's in Psychology or some social science, and *their* job is to make sure that these kid's mom is staying off crack. That worker's manager isn't interested either - he's responsible for making sure as many client moms stay off crack as possible. You go up the org chart food chain, and by the time you hit somebody that *might* care about security, it's probably somebody who doesn't even *know* that social worker is on the payroll, and is too busy worrying about getting the department their share of Federal money to think about computer security.

And if you've *ever* put in a temporary firewall rule because something had to work *this afternoon*, you're just as guilty as that social worker's manager, who OK'ed putting stuff on laptops because work had to get done *this week*. More so, because you should know better...

--
Thank you in advance for your time and consideration.
Shyaam Sundhar R.S., GREM, GHTQ, GWAS

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy