funsec mailing list archives
Re: [privacy] 26 IRS Tapes Missing in Kansas City
From: "Brian Loe" <knobdy () gmail com>
Date: Tue, 23 Jan 2007 08:32:28 -0600
On 1/22/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
This, of course, implies that you (as the manager) understand that knowing how to encrypt a hard drive is important enough to fire somebody who doesn't know how. And I don't think anybody expects the clueless IT guy to fess up voluntarily and ask to be fired because his skill set isn't big enough.
No. The IT manager's job is to make sure his people are providing the company with what the company needs. If a laptop gets lost, and loss of data becomes an issue, he'd not supposed to tell his tech to implement full disk encryption - he simply says to make it so this can't happen again.
(And it's not "obvious" that firing "most of" the 3 guys wouldn't make things worse - although it doesn't take a *lot* of tech clue to replace dead hard drives and install software patches/upgrades, it's the *very* rare IT shop that's so brain-dead that canning them and making the social workers do that stuff instead wouldn't be worse. A *LOT* worse.)
I don't know, I've known companies without IT staffs that do just fine calling in the occasional contractor.
I'll overlook the fact that most non-IT managers actually *believe* that computers are supposed to be balky things that rarely if ever work smoothly, so if things mostly-sorta-kinda work 90% of the time, they think they're actually ahead of the game. So they have no reason to expect better from their IT staff.
I think you need to get out more - I've never worked for a company, even a firehouse, who's employees expect crappy service. Perhaps its because most of them depended on their machines to conduct business, but regardless, what kind of worthless IT group does one need to have for 90% uptime to be viewed as good by the users? I've never seen it. <snip>
(For an example of how this works, see how quickly the US Govt moved to require full-disk encryption once the VA exposure of millions of records ignited a fire under the appropriate people. Feedback of the *actual* costs happened, and change is actually taking place).
Not sure what the point is here - didn't we start this thread off with questions about WHEN these people will pull their $hi7 together, specifically Kansas City? I believe the costs are known - the question is when will they do something about it. The idea that companies need stimulus to move forward with security projects is not a new idea, but the stimulus can be internal as well as a lost laptop. _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] 26 IRS Tapes Missing in Kansas City Fergie (Jan 19)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Brian Loe (Jan 19)
- <Possible follow-ups>
- Re: [privacy] 26 IRS Tapes Missing in Kansas City RMueller (Jan 20)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Shyaam (Jan 20)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Valdis . Kletnieks (Jan 22)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Shyaam (Jan 22)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Brian Loe (Jan 22)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Valdis . Kletnieks (Jan 22)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Brian Loe (Jan 22)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Valdis . Kletnieks (Jan 22)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Brian Loe (Jan 23)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Valdis . Kletnieks (Jan 23)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Brian Loe (Jan 23)
- Re: [privacy] 26 IRS Tapes Missing in Kansas City Shyaam (Jan 20)