funsec mailing list archives

Re: Incompetence, Ignorance or just plain stupidity?


From: Valdis.Kletnieks () vt edu
Date: Mon, 21 Jan 2008 20:56:12 -0500

On Mon, 21 Jan 2008 23:53:46 GMT, Jim Murray said:
> Now call me naive, but any business whose employees managed to lose
> that many laptops in 4 years would surely be asking some very serious
> questions about its IT policy.

All depends on the size of the business.  If the place has 100 employees,
that works out to one per year per employee, and questions *should* be
asked.  Where I work is closer to 10,000 employees, and that's a 1% loss
rate - still high, but not *that* outrageous.  If you're talking about
the Ministry of Defense, which is big enough that one of the lost data
files was for 153,000 *applicants* for jobs, it's down in the noise.

You are however correct that ideally, measures would be in place so that
if a laptop does go walkies, recovery would be a simple "Oh darn, get another
one off the shelf, image it, restore files from backup server, and get on
with productive work".

> Surely it's time encrypting hard drives became standard on ALL laptops?

The problem is devising a scheme that encrypts the hard drive in such a
manner that the legitimate user is able to handle starting up the encryption,
but the thief in possession of a stolen one isn't able to start it up.  That's
where many "hardware encrypted disks" fall short - they work *well* in
preventing access to data if the disk is plugged into a machine other than
its intended one, but that loses if it's still in the laptop it's intended for.
