From: "Tracy R Reed" <[EMAIL PROTECTED]>
I have been hanging out on the sdw2003 mailing list recently to get an
idea of how the other half lives. It's a bit like going to explore a
strange foreign country and getting culture shock. One area where I
suspect we differ is in the area of security. I would like a few KPLUGgers
to review this thread and give me their opinion on how they would have
advised the original poster:

I read a total of 5 pages, the links from both 2 emails. Did I miss one? Or
more?
First things first. This hints at one of two things: someone
inexperienced wondering what would happen if ..., or someone who is in way over
their head. The last hint of speaking to someone off list seems to me like
something got fixed.
In any event a police report should have been filed; depending on the data,
the police will be investigating you further to some end. Info about the data
is needed to decide what is important and what is not. The police are also
well equipped to give you info on how to continue depending on the data;
insurance companies are also a good source of who to call in any case.
From what I read your questions stand. The magic "safe" could have been
anything and anywhere. A set of scenarios: if the safe was in a retail
environment one could have stolen the safe for the thought that it had paper
money in it. In this case the chance of any attempt to decrypt the data
would seem slim at best. However if that same safe was say in a medical
center where money would be less likely, then they had better be notifying
someone depending on where they are. Some info about the safe would have
been appropriate to be shared. However to add a twist to that, you do have
to be careful who you say what to when you're dealing with an incident which
may or will lead to a trial.
The poster's dismissal of the employees seems at first odd, but that's info I
can see not posting. It might be a smart employee who knows or thinks that
real good logging is taking place; stealing the safe might be the next best
thing, and a found fingerprint means nothing; anyone can hire a Gump to
steal for you.
The note about not knowing what software was used is bogus, completely
bogus; it's just too easy to tell, and to decrypt to some readable state vs.
an executable state, i.e. recover some data on a backup vs. use the entire
backup to replace what was on the computer, requires different amounts of
work.
Richard Reynolds
[EMAIL PROTECTED]
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list