Stewart Stremler wrote:
I agree that it's not _theft_ that's the issue. It's _disclosure_.
Losing track of sensitive information is a big deal, and if it isn't,
it damn well ought to be, and we need to crank up the penalties until
it is taken seriously.
Maybe this is the problem I'm having getting across. To me, theft is a
proxy for disclosure. I don't care about protecting the data from a
thief who is going to pawn my laptop. I care about protecting my data
from someone trying to damage my company.
USB key in an offsite safe deposit box. This really isn't that hard.
Key management is not that easy, either. For a very small small shop, or
a home user, it is that easy. For a larger company, it gets harder. Who
can access that safety deposit box? What if that person is not avalable?
Or that person? What credentials are required?
Who has access to those tapes? What if that person is not available?
What credentials are required to access that information?
You can claim these are difficult issues, but they are no different from
other business issues. They are no different from "Who can sign
checks?" if the entire executive staff is killed.
-a
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
