Thanks, Lee. You made my point, e.g., clear policies and procedures, training, and enforcement. It's not just laptops we need to be concerned about in health care...it's all of the other portable devices, such as PDA's,etc.
Rachel -----Original Message----- From: Kelly, Lee [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 3:11 PM To: '[EMAIL PROTECTED]' Subject: Re: Laptop Losses Rachel, In response to >>What other mechanism do you have in mind to preclude the loss/theft of portable devices?<< Not meaning to sound glib, but in most cases nothing can be 'totally prevented'. That being said there are two basic thoughts on theft of portable devices: The target is the data thought to be stored on the system - To combat this the following can be done: o Awareness - let the users know of the policies/procedures regarding storage of sensitive data on portable devices o Disk encryption - there are tools/products that allow users to store sensitive data in portions of the hard drive that are encrypted. A word of caution though, in most cases if the user forgets the password to the encrypted files they are un-recoverable unless some other measure has been taken to maintain the password (a sealed envelope in the office for example, but this also raises questions) o There are tools/products that will 'phone home' if the laptop is plugged into a phone/network connection (if the network connection includes Internet connectivity) * The target is the laptop itself, regardless of the data - To combat this, the following can be done: o Awareness - let users know how to better protect portable devices. Security awareness training should incorporate this into the material. They should still be made aware of policies/procedures for storing sensitive data on these devices. The users should also be aware of who to call in the event their system is stolen. The same measure should also be applied to PDA's, Blackberries (and similar devices) and the newer cell phones that can receive/transmit e-mail. Lee Kelly, CISSP Manager, Assessment Services Fortrex Technologies, Inc. 1-877-367-8739 (Office) 301-906-6269 (Cell) To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=Security and enter your email address. <P>The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited. To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=Security and enter your email address. <P>The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
