Description: A rechargeable battery which can be charged via USB interface sticks in a notebook on March 2, 2009 at the world's biggest high-tech fair CeBIT in Hanover, central Germany.
A USB key handed out to an employee in the federal department that helps Canadian companies compete for domestic and foreign security contracts vanished early in 2013. A week-long trail of emails, phone calls led security officials to conclude it was impossible to assess [the] compromise related to the loss of the device. Nor was it clear who was telling the truth about the number of hands the one small device passed through: Employees pointed fingers at each other, with none knowing where the USB key ended up. Another USB key that was neither password protected nor encrypted was found on a downtown Ottawa sidewalk by a Good Samaritan. It contained protected information albeit out-of-date details of a federal project. The two instances are among dozens of security incidents logged by Public Works and Government Services Canada over the past year in the capital, which has the largest slice proportionally of public servants in the country. The USB key losses are two of four investigated in 2013 by Public Works, not including the six lost BlackBerry phones, two lost laptops and the possible theft of an iPad. Theyve taken a step forward, but theyre still miles away Multiple departments have looked to ban or limit the use of USB keys and portable data devices in the wake of high-profile data breaches in 2013, including the loss of a USB key at Employment and Social Development Canada that contained sensitive information on more than 5,000 Canada Pension Plan disability applicants. If USB keys are being used, departments are opting for encrypted devices. I cant but shake my head that theyve taken a step forward, but theyre still miles away, said Tony Busseri, CEO of Toronto-based Route1 security. Dont have the data go walking beyond the firewall of the network. You dont need the USB key, he said. One route is to have departments keep data on secure servers, and have users connect remotely. Information never has to leave the confines of government services, and cuts down the risk of an employee or consultant losing a portable data device, Mr. Busseri said. It cant get stolen, it cant get lost, he said. Related <http://www.google.ca/gwt/x?gl=CA&u=http://news.nationalpost.com/2013/12/26/ federal-department-sought-to-ban-usb-drives-to-curb-risk-of-privacy-breaches /&hl=en-CA&ei=XbjEUvaJLobgsQektYHQCg&wsc=yh> Federal department sought to ban USB drives to curb risk of privacy breaches <http://www.google.ca/gwt/x?gl=CA&u=http://news.nationalpost.com/2013/07/18/ federal-government-considered-paying-dumpster-divers-15000-to-retrieve-lost- usb-records-emails-show/&hl=en-CA&ei=XbjEUvaJLobgsQektYHQCg&wsc=yh> Federal government considered paying dumpster divers $15,000 to retrieve lost USB records, emails show <http://www.google.ca/gwt/x?gl=CA&u=http://news.nationalpost.com/2013/04/09/ missing-government-hard-drive-also-contained-business-plans-financial-inform ation-of-thousands-of-canadians-emails-suggest/&hl=en-CA&ei=XbjEUvaJLobgsQek tYHQCg&wsc=yh> Missing government hard drive also contained business plans, financial information of thousands of Canadians, emails suggest <http://www.google.ca/gwt/x?gl=CA&u=http://news.nationalpost.com/2013/01/11/ weve-lost-personal-information-for-more-than-half-a-million-borrowers-canada -student-loans/&hl=en-CA&ei=XbjEUvaJLobgsQektYHQCg&wsc=yh> Weve lost personal information for more than half a million borrowers: Canada Student Loans Among the potential security and privacy breaches investigated in 2013 was one where a financial analyst at Aboriginal Affairs and Northern Development Canada was accidentally given access to pay details for employees at Natural Resources Canada. None of the affected employees was told about the mistake because the threat of a privacy [breach] is almost nil, reads an internal report, after the financial analyst alerted her superiors about the problem. Due to the circumstances, there is no point to inform the NRCan employees that their names and pay info have been sent to a third-party office, the report says. Workers were given reminders to be careful in the future, and the case was closed. We do a very poor job of authenticating people before we give them access to data, Mr. Busseri said. His company has lobbied the government to use smart-cards for workers to access information: Workers need the card and a unique password to access data, much like a credit card with a chip needs a proper PIN to confirm purchases. Copies of the security incident list and the final reports themselves were released to Postmedia News under the access to information law. The names of the employees at the centre of each incident have been redacted from the documents. In most cases, the departments investigations list notes that sensitive government information was never put at risk. Thé Mulindwas Communication Group "With Yoweri Museveni and Dr. Kiiza Besigye Uganda is in anarchy" Kuungana Mulindwa Mawasiliano Kikundi "Pamoja na Yoweri Museveni na Dk. Kiiza Besigye Uganda ni katika machafuko"
<<image001.jpg>>
_______________________________________________ Ugandanet mailing list [email protected] http://kym.net/mailman/listinfo/ugandanet UGANDANET is generously hosted by INFOCOM http://www.infocom.co.ug/ All Archives can be found at http://www.mail-archive.com/[email protected]/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
