Following on from my post last week which discussed the loss of Top Secret government documents a second breach has been hitting the headlines.
I was amazed that these kind of documents were left on a train once but to happen twice is beyond belief. Several of the statements made by government officials/in news reports did grab my attention, firstly:
"His work reportedly involves writing and contributing to intelligence and security assessments, and he has the authority to take secret documents out of the Cabinet Office - so long as strict procedures are observed."
So the government actually allows Top Secret (National Security documents) to be printed and taken off its premises. As a Security professional my first reaction was one of surprise until you consider the major security blunders by the UK government in the past 12 months.
Secondly, a comment made by Keith Vaz, Chairman of the Home Affairs Select Committee:
"no official no matter how senior, should be allowed to take classified or confidential documents outside their offices for whatever reason."
That seems a good enough start in my opinion. But this really does come back to very last point I made in my original post last week about printed data.
It is one of my biggest professional fears, how do I know people aren't printing sensitive data off and stuffing it into their pockets? As a financial services company we get emails every week from individuals and banks (yes, banks) which contain un-encrypted sensitive data. Fortunately we have well defined procedures and skilled staff to respond correctly to these emails. But what if we didn't?
In terms of technical controls we can control the risk of theft around this data but if it were printed then all bets are off. A user could just print the email, if we prevent printing then could do a screen print, they could even write it down and away they go. In this day and age of mobile phones with high resolution cameras what is to stop people just taking a picture of the data and taking it that way?
When you think of it like this you may feel a bit of sympathy for the government, but they have the budgets and the ability to hire the top talent to prevent these breaches.
Posts
An idea to help secure U.S. cybersecurity…
9 years ago
No comments:
Post a Comment