SV650.org - SV650 & Gladius 650 Forum


gettin2dizzy 20-02-08 08:55 AM

More lost data...
 
What the hell are they doing? Yet more details stolen from our wonderful government. Why aren't they encrypted? Why do they leave the offices? Why do they repeatedly leave these laptops alone/exposed? But most of all why do they feel the need to have such databases?

Quote:


The data on the laptop stolen in Edgbaston on 9 January included passport, National Insurance and driver's licence numbers, family details and NHS numbers for about 153,000 people who applied to join the armed forces.
Banking details were also included for around 3,700 people, he said. Letters are being sent to all involved.
Ministers were informed on 14 January that the information was not encrypted. The police were called and all similar laptops were recalled within the next four days.
http://news.bbc.co.uk/1/hi/uk_politics/7199658.stm

anna 20-02-08 09:02 AM

Re: More lost data...
 
Unbelievable... and if this was an ordinary company I wonder how many times they would be in court over this??

the_lone_wolf 20-02-08 09:27 AM

Re: More lost data...
 
nothing to see here, move along...

Baph 20-02-08 09:29 AM

Re: More lost data...
 
Quote:

Originally Posted by anna (Post 1423608)
Unbelievable... and if this was an ordinary company I wonder how many times they would be in court over this??

The people that lost the HMRC details were a private company, but they were deemed not to be liable.

My understanding of the MOD laptop case was that the laptop was stolen. Yes, their IT policy could have been better, but again, their policy is not the fault in the system, it's the physical security for the laptop itself (are we to propose that all laptops, regardless of content, are kept 100% secure at all times - just to be sure we're OK?).

I've just had a quick look around the internet, and I find that in 2005 EDS won a contract to run the Ministry of Defence Defence Information Infrastructure. So I would assume that EDS had something to do with the laptop in question. I'm not sure if they dealt with the data storage though, and it would be silly of me to accuse them of that.

The HMRC data that was lost recently, however, was en route from an EDS office. I also know that EDS deal with HMPS IT systems and data storage. Again, I feel the need to reiterate the point that during investigations, no fault has been found with EDS procedures.

Anna, EDS is a private limited company, part of the Atlas consortium. ;)

I can't help but feel that these published security lapses are just a convenient sleight of hand though. Give people bad news in order to hide terrible news. There is a commonality in them, but no-one is really to blame, and it gives the public at large something to complain about - let's face it, as a nation, it's something we're good at.

Where has all that debate about WOMD gone? Or the one about Iraq and soldiers pulling out? Hmm.

dissuade 20-02-08 11:29 AM

Re: More lost data...
 
it's all worth it for the pathetic letter.

http://forums.sv650.org/showthread.php?t=103773

priceless
xx

Flamin_Squirrel 20-02-08 01:57 PM

Re: More lost data...
 
Quote:

Originally Posted by Baph (Post 1423644)
I can't help but feel that these published security lapses are just a convenient sleight of hand though. Give people bad news in order to hide terrible news. There is a commonality in them, but no-one is really to blame, and it gives the public at large something to complain about - let's face it, as a nation, it's something we're good at.

Where has all that debate about WOMD gone? Or the one about Iraq and soldiers pulling out? Hmm.

I do agree that the government will deliberately cause controversy when they want to distract the public from issues they want us to forget about. But, if they wanted to distract us then showing their complete incompetence in their ability to keep data secure when they're looking to introduce ID cards seems an unlikely way of doing it.

Lissa 20-02-08 02:56 PM

Re: More lost data...
 
We've just completed a contract for EDS of 140 cases which are off to Afghanistan.

They may not be able to stop things being stolen, but at least they won't get broken :D

anna 20-02-08 04:18 PM

Re: More lost data...
 
Quote:

Originally Posted by Baph (Post 1423644)
The people that lost the HMRC details were a private company, but they were deemed not to be liable.

My understanding of the MOD laptop case was that the laptop was stolen. Yes, their IT policy could have been better, but again, their policy is not the fault in the system, it's the physical security for the laptop itself (are we to propose that all laptops, regardless of content, are kept 100% secure at all times - just to be sure we're OK?).

Point taken about being a separate company... I stand corrected.

But to your second point... a laptop that contains secure data of such nature should be encrypted. It's not a case of all laptops regardless of content, it's a case of laptops that contain this data... yes, it should be encrypted and to me that is a company being incompetent if it does not secure such things and, as such, liable.

Baph 20-02-08 04:35 PM

Re: More lost data...
 
Quote:

Originally Posted by anna (Post 1424242)
Point taken about being a separate company... I stand corrected.

But to your second point... a laptop that contains secure data of such nature should be encrypted. It's not a case of all laptops regardless of content, it's a case of laptops that contain this data... yes, it should be encrypted and to me that is a company being incompetent if it does not secure such things and, as such, liable.

I have had very close dealings with EDS in the past, in respect of their data handling procedures.

I know first hand that there is a lot wrong with the company, however, I wouldn't go so far as to accuse them of being liable. After all, if the laptop wasn't stolen, there would be no issue regardless of any cryptography used.

Specifically in the case of HMPS databases maintained by EDS, I know there is security on those databases, to an extent whereby if you don't have the correct software, there's no chance of you getting in. However, the software to access it is freely downloadable by all. Then you only need the password, which is (usually) stored in plain text within the data itself.

I know EDS are very careful in their wording of all their contracts. The process involves EDS recommending to their clients what they feel is suitable. Then the client either OKs it or not, and you have to bear in mind that the person giving the OK may not be a technical person in respect of computing. I also know that specifically on the HMPS contract, the equipment put in place at EDS' recommendations was not sufficient for the task. I also feel the need to emphasise the past tense on my last sentence, I don't know if this is still the case.

In the case of the MOD laptops however, it's my understanding that MOD policy is now (I don't know if it was at the time of the theft) that all data is to be securely encrypted when it is not on physically secure sites (i.e., authorised personnel only). MOD staff not following this procedure are disciplined pretty severely (data released into public domain may be of higher importance than that already leaked for example).

If the above policy was in place before EDS won the MOD DII contract, and they are responsible for the data in question, then they will only claim that they recommended both hardware and software, and this was OK'd by the MOD. EDS will claim that they had no working knowledge of MOD internal procedures, and lay the blame directly at the feet of the MOD.

The anecdote in computer security goes "There is no such thing as a secure system, if an attacker has the time, resources and determination, they will gain access regardless." This is true even of the most complex cryptographic procedures the MOD have available to them. Just that by the time the data is decrypted, we'd all probably be dead. Unless it's been cracked...

anna 20-02-08 04:51 PM

Re: More lost data...
 
Sure, I understand what you are saying Baph, but fundamentally a laptop is much more portable than a PC and as such data held of such delicate nature should be encrypted. It doesn't matter if this machine was stolen or not, it should be part of their procedures, and back in my insurance days covering IT based companies we would recommend this. It really doesn't matter if the machine is held in a physically secure site or not.

Having the laptop stolen has just highlighted their error... and yes, if it hadn't been stolen no one would be any the wiser that this was their practice.

