At 01:16 PM 12/08/2013, Johann Kruse wrote:

>Defence-in-depth means that an "admin"
>cannot get to a physical disk (they don't have
>access to physical facilities), and the guys who
>rack & stack hardware could not get any useful
>information from the disk (data is
>encrypted). EOL hardware is physically
>destroyed onsite (e.g. disks shredded) and there
>are checks and logs to ensure that actually
>happens, so they couldn't even get the disk
>out of the datacentre in the first place.

Great in theory and what I think 'normal' common sense people would have assumed was already happening in highly sensitive operations, like national security agencies, no? So what went wrong?

If this is best practice, understood, and already going on in major large organisations now, why are data breaches at some of the most sophisticated companies on the planet who sell this stuff continuing to happen? Not just Snowden, who did have top clearances (more a governance accountability breach than a security breach perhaps), but Apple, Sony, NHS (UK) etc etc?

http://www.gizmodo.com.au/2013/07/the-worlds-biggest-data-breaches-visualised/

Great map.

Melbourne, Victoria, Australia
[email protected]
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer
