[privacy] 26 IRS Tapes Missing in Kansas City
Shyaam
shyaam at gmail.com
Mon Jan 22 14:45:33 CST 2007
Thanks a lot for listing, Mr. Valdis. I really did not think of these cases
when listing. I am lacking in looking at every aspect. My knowledge is
limited, but I really do understand the different ways to look into things
from different angles, from your response. Well, yes, it is always a tradeoff
and nothing has a perfect answer in such scenarios. I wouldn't agree
that I gave the "best" list after seeing your response that had scenarios
that I did not even consider :-).
Thanks a lot once again.
Kind Regards,
Shyaam
On 1/22/07, Valdis.Kletnieks at vt.edu <Valdis.Kletnieks at vt.edu> wrote:
>
> On Sat, 20 Jan 2007 21:06:57 EST, Shyaam said:
> > forensics". So best is to avoid people storing CONFIDENTIAL data on
> > portable devices no matter what their security clearance level is. The
> > other best thing is to always track data that goes in and out of the
> > network. The next is to not let people whom you don't know into the
> > building itself (perimeter) and to restrict people from moving from one
> > department floor to the other or something of that sort (perimeter
> > protection). Can't these be simple for people to take action on?
>
> The problem is that it's all about *tradeoffs* - yes, you've enumerated the
> "best" way to do all that stuff. The problem is that in trying to *enforce*
> that, you end up hitting all these corner cases where implementing proper
> security gets in the way of actually getting work done.
>
> For instance - security-wise, it would be "best" if the files that Social
> Services has on their clients stay on the central servers. However, what do
> you do if you have a case worker that makes house calls, and having the files
> on a laptop where they can reference them while at the site would make things
> a lot easier?
>
> What do you do if you have a valued employee who has legitimate reasons to
> telecommute?
>
> And so on, in a twisty little maze of corner cases, all different....
>
> And it gets worse - that social worker doesn't understand computer security,
> and they don't want to. They have a Master's in Psychology or some social
> science, and *their* job is to make sure that these kids' mom is staying off
> crack. That worker's manager isn't interested either - he's responsible
> for making sure as many client moms stay off crack as possible. You go up
> the org chart food chain, and by the time you hit somebody that *might* care
> about security, it's probably somebody who doesn't even *know* that social
> worker is on the payroll, and is too busy worrying about getting the department
> their share of Federal money to think about computer security.
>
> And if you've *ever* put in a temporary firewall rule because something had to
> work *this afternoon*, you're just as guilty as that social worker's manager,
> who OK'ed putting stuff on laptops because work had to get done *this week*.
> More so, because you should know better...
--
Thank you in advance for your time and consideration.
Shyaam Sundhar R.S., GREM, GHTQ, GWAS