FISMA and SOX
Why do I still keep hearing about breaches of confidentiality even though compliance with FISMA and SOX has been on the books for years?
This is a question many people asked after the disclosure that a notebook belonging to a Veterans Affairs employee, containing records on more than 20 million former service members, had been stolen. The answers are many, but most come back to a failure to appreciate the sensitivity of the data and to take the steps needed to secure it before it was allowed to leave the building on a notebook. Compliance with FISMA or SOX establishes that controls exist on paper; it does not by itself ensure those controls are applied to every copy of the data. Full-disk encryption with pre-boot authentication, so that the drive is unreadable before the operating system loads and the key is never stored in the clear on the device, would have put the contents out of reach of anyone short of the resources an agency like the NSA might bring to bear. A policy governing how and when such data may leave the building in any form, with appropriate safeguards and accountability, would probably have prevented the loss in the first place. Greater mobility brings greater exposure, especially when the risks it introduces are not fully explored and managed.

This was first published in October 2006