Re: VA toughens security after PC disposal blunders

[InfoSec News <isn () c4i org>]

Forwarded from: H C <keydet89 () yahoo com>

 
> John Gauss, the VA's chief information officer, said the agency
> decided to buy an enterprise license for Ontrack Data International
> Inc.'s DataEraser software as a result of the Indianapolis incident.

As a vet, it sounds to me as if the VA needs to be de-Gaussed.
 
> "We also examined our overall cybersecurity process and decided we
> were going to strengthen it through the development of a
> qualification and certification program for ISOs," or information
> security officers, Gauss said.

Ah, I see the logic...major incident, THEN we certify ISOs.  Oh,
okay...makes sense to me now.
 
> Bruce Brody, the VA's cybersecurity chief, said the Indianapolis
> incident helped speed efforts to tighten security within the VA.

Speed it up?  How so?  Send out an email stating that all hard drives
need to be wiped, using any one of the various freeware wiping
utilities, before they leave the organization.

Talking directly to people or "busting" them isn't going to do any
good...it's the federal government.  You can't get fired from the
federal government unless you really, really try very hard to do so.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.