On Thu, 18 Jan 2007 19:44:29 -0600, Jeffrey Deaver wrote: >Its too easy for one of those 'secure' tapes to walk out the door with a >disgruntled employee. And when the audit turns up a tape missing - its not >going to care how or where it went - only that its missing and not >encrypted. More than once I've read notices from companies announcing >breaches where they state that they are '99% sure its in a landfill, >but...'. And while that may be true and the data is more than likely safe, >the damage to the reputation is already done, and the cost to notify is >real. > >For my money, if it >can< be carried out, its going to be encrypted.
So what happens when that disgruntled employee decrypts a tape and downloads it to a USB memory stick and walks out the door with that ??? Those memory sticks hold a lot of information and they're very small. At some point, you've got to evaluate the situation for reasonableness and call it good enough. I would also argue that the disgruntled employee scenario is a data theft, not a data loss. Prosecute relentlessly or it will only get worse. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
