Re: [Dataloss] time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)

From: security curmudgeon (jerichoattrition.org)
Date: Fri Jun 06 2008 - 15:06:01 CDT


: Let's say we do look at the commercial carrier, and the carrier offers
: insurance against loss and the customer either chooses the insurance or
: waives the insurance, most commercial carriers will make insurance
: available, offered with disclosure that if a package's worth is more
: than insurance will cover the carrier can refuse to carry the package,
: based on what the customer has disclosed. Interesting....

Which leads to, what did BNY (or others) claim the backup tapes were
worth =)

Even if you go with a conservative estimate that one 'identity' is worth
less than 20 bucks (recently stated in a paper), that is still a lot of
money if the tapes have a million records. I really doubt BNY is
declaring the tapes worth that much.

So we have a system of couriers, off-site storage and backup providers
that seem to be a serious weak point in the data security. Taking this
one step farther, what if the tape *is* encrypted using really strong
encryption and the tape is lost. Does the company have to warn customers?

If not, will that lead to companies claiming strong encryption
regardless, knowing that the odds of the unencrypted tape being
discovered are very low, then falling back on "error in backup process, it
should have been encrypted" claims?
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
