Security Basics mailing list archives
RE: Notebook policy (need advice)
From: "Pranav Lal" <pranav.lal () gmail com>
Date: Thu, 25 Jan 2007 06:31:30 +0530
Hi Justin, <snip This is also something my company is currently looking at. One of the issues we discussed however was the fact that when you start basing policy on risk there becomes a "grey" area. For example, we really only care about losing "sensitive" information, but in our environment, that tends to lead to our users deciding what is "sensitive", and applying their budget/decision accordingly. By making a policy/standard across the board, we might be paying extra to encrypt unsensitive data but avoid something slipping through the cracks. PL] this is where an information asset classification comes in handy. You can mandate that all assets above a certain classification level need to be encrypted by default which takes the judgement out of the users the main. Pranav
Current thread:
- RE: Notebook policy (need advice) Pranav Lal (Jan 25)
- <Possible follow-ups>
- Fwd: Notebook policy (need advice) kevin . fielder (Jan 25)
- Re: RE: Notebook policy (need advice) Johnny (Jan 26)