Re: [Dataloss] follow-up: Stolen city laptop recovered; workers' personal data not accessed

From: Sean Steele (SSteeleinfolocktech.com)
Date: Tue Jan 27 2009 - 09:01:10 CST


Stefan, it appears I've hit a nerve.

I wasn't disparaging anyone personally or professionally, and with regard to your comment regarding my professional responsibilities, I believe it to be exactly my duty and our duty -- as IT security professionals -- to remain skeptical and to call to account anyone in a position of authority able to declare a data breach essentially "null and void" because they believe the situation to be sufficiently controlled and controllable.

Any occasion where sensitive data, unencrypted, makes it into the wild should and needs to be a serious moment for introspection and analysis.

We all know it can be very difficult if not impossible to ascertain without reasonable doubt whether data has been accessed on a device.

I'm all for dialogue on this issue, as long as we can agree not to call each other names.

--
Sean Steele, CISSP, CISA
Sr. Security Consultant
infoLock Technologies
703.504.9000 x219 direct
202.270.8672 mobile
ssteeleinfolocktech.com
________________________________
From: Stefan Wahe [mailto:smwahewisc.edu]
Sent: Tuesday, January 27, 2009 9:38 AM
To: Sean Steele
Cc: datalossdatalossdb.org
Subject: Re: [Dataloss] follow-up: Stolen city laptop recovered; workers' personal data not accessed

Living in Madison and working in IT Security, I do know that Madison Police Department has a unit that conducts IT forensics on electronic devices. They have the appropriate staff, resources and training to make such determinations. Additionally they have state and university resources at their availability with more than adequate training and experience in IT forensics. I am aware of this because I have had the opportunity to observe and work with them on other IT Security related issues.

I hope this addresses your questions regarding the professionalism of the Madison Police Department. Please remember that this is a public forum and casting such doubts is not beneficial for those who are working towards solutions in preventing data loss. As a CISSP I hope that you are supportive of your colleagues in these efforts.

My question is if the thief was interested in stealing sensitive information off the device, would they then leave the device on a city bus? What is their motivation in that action?

Stefan Wahe
_________________________________
Stefan Wahe
University of Wisconsin - Madison
DoIT Applications and Information Security
smwahewisc.edu

On Jan 27, 2009, at 6:21 AM, Sean Steele wrote:

Am I the only one who feels a bit dubious about a local police lab's declaration -- based on their exhaustive computer forensics investigation one s'poses -- that a machine's "sensitive information" has not been accessed?

Hmmm.

--
Sean Steele, CISSP, CISA
Sr. Security Consultant
infoLock Technologies
703.504.9000 x219 direct
202.270.8672 mobile
ssteeleinfolocktech.com
________________________________________
From: dataloss-bouncesdatalossdb.org [dataloss-bouncesdatalossdb.org] On Behalf Of security curmudgeon [jerichoattrition.org]
Sent: Tuesday, January 27, 2009 6:07 AM
To: datalossdatalossdb.org
Subject: [Dataloss] follow-up: Stolen city laptop recovered; workers' personal data not accessed

---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.madison.com/wsj/mad/latest/434816

By Dean Mosiman
Madison.com
Jan 26, 2009

An oversight by the city of Madison's personnel office is why Social
Security numbers of 300 to 500 city employees were stored on a laptop
computer stolen Friday from an office in the City-County Building.

The laptop was found about two blocks from the City-County Building on
South Hamilton Street and turned over to police Monday morning, who
determined late in the afternoon that no sensitive information was
accessed.

The theft, however, put a scare into many and raised questions about city
security of personal information.

Mayor Dave Cieslewicz expressed concern about the incident and ordered a
review of security specific to the situation, spokeswoman Rachel
Strauch-Nelson said.

The city laptop was taken from a "relatively secure location" in the
fifth-floor Human Resources Department offices in the City-County
Building, Wirtz said.

[...]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml