Re: VA Loses another Hard Drive with data on 48,000 veterans

["Justin Ross" <RossJ () sddpc org>]

Unfortunate as it is, security has to have buy in from the top down. Which usually only happens once a vulnerability on 
your network is exploited, and ends up costing the company (monetarily, reputation, or otherwise). Sometimes the only 
thing we can do is CYA, and warn our users/bosses of the dangers, have them sign a document verifying they have been 
told of the risks, and just let them do what they will. Sometimes you just can't protect people from themselves.

Having said that, we currently are looking into the following products:
 
Utimaco Safeguard Easy
GuardianEdge
PGP Whole Disk Encryption

All seem to be feature-rich, and perform well.

Justin.Ross
CCNA, CCSE, MCSE, CISSP


> > > "Ed" <security () kdtc net> 2/5/2007 8:34:24 PM >>>
Saqib Ali wrote:
> http://www.full-disk-encryption.net/news/article329.html 
>
> Associated Press is reporting that a portable hard drive belonging to
> Veteran's Administration has been stolen. The Official Press Release
> is available at the VA website.

This is something I'm glad I can keep track of here.  This past
year alone has shown that it is easy to take things for granted
and expect things  to stay where they are, when in fact, one
shouldn't.  Unfortunately, I seem to be one of these people
who have gotten a 'little slack' in terms of maintaining a
secured network.  (Can never get my point across to users
and bosses on security issues.  They never seem to understand that
P2P and Skype really don't really belong in a corporate
environment.  The only consideration is 'low cost' and
'convenient').

Anyway, there's certainly a plethora of solutions for encryption(whole
disk or otherwise).  Does anyone here have any good suggestions?

So far, I'm looking at PGP Whole Disk and it looks promising.

Thanks.

Edmund