archives  If you want an RSS feed try this xml rss V0.91 feed

Wednesday, February 20, 2008

CPS lose Control of Data Disks

Crown Prosecution Service

While the Government reels under another Data Gate episode its worth considering this particular case in detail. The fact that the 'disks' didn't go missing, were not stolen or the details leaked, or so we are led to believe.
However, I'd argue that the fact that they sat in someone's draw for weeks if not months without anyone being alerted to the fact was as serious a case of data loss as any.

The data was sent by the Dutch Police on hard media, be that CD-ROM or DVD or a SATA disk, it matters not. Exchanging data in this manner makes it impossible to audit in any effective way. To be sure that the data is dealt with correctly any system used to exchange sensitive data should at least deal with some or all of the following issues.

  • encrypt the data
  • require strong authentication to access the data
  • record automatically who received the data
  • record automatically who reads the data
  • provide alerts on data being read
  • provide alerts when data is NOT read
  • time control validity of data (expiration)

Without mechanisms such as these and the information they provide on the usage or access of the data we lose control, without that control we can not say the data is safe or secured.

Take a look at the Cyberark Inter Business Vault it does all of these things and more.

Related Links
Cyberark Inter Business vault
Laptop Security
Data Encryption Master Class
The North East Fraud Forum
Tories demand suspects statement : BBC
Crown Prosecution Service

Labels: , , ,


posted by Robert Campbell 8:12 AM


Powered by Blogger Pro™