Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

You encrypt your laptops, but what about portable media?

Published: 2013-01-12
Last Updated: 2013-01-12 17:41:01 UTC
by Stephen Hall (Version: 1)
3 comment(s)

As a data loss control many organisations now ensure that laptops are mitigated by installing full disk encryption or by having a partition / area of disk which is encrypted.

However, laptops are not the only way to pick up and carry out of your organisation the data which you are meant to be protecting. Various products also address this space of the toolset to mitigate data loss risk.

Walter has e-mailed in with the heads up that various Canadian news media are highlighting a report that a portable disk containing 583,000 Canadians who were clients of the Canada Student Loans program from 2000 to 2006 has been lost. If you were lucky enough to borrow money through this program but you were from Quebec, Nunavut and the Northwest you were lucky this time. The data lost includes:

  • Student names, social insurance numbers, dates of birth, contact information and loan balance of Canada Student Loan borrowers.
  • Personal contact information for 250 Human Resources and Skills Development Canada(HRSDC)employees.

So when doing the risk assessment of your organisations data loss mitigation please consider the end to end lifecycle of the data and how that data can move to and from your staff members hands. That can also include portable media which, if allowed at all through a technology or physical security control, should be access controlled and any data be encrypted when data is allowed to be written to it.

Steve

Keywords: DLP
3 comment(s)
Diary Archives