Confusion over Physical Assets, Information Assets in ISO-27000
I often explain that Information Security focuses on Information Assets.
Some day, on the corporate balance sheet, there will be an entry
which reads, "Information"; for in most cases the information is
more valuable than the hardware which processes it.
-- Adm. Grace Murray Hopper, USN Ret.
Some people see this as a binary absolute - they think that there's no need to asses the risks to the physical assets or that somehow this is automatically considered when assessing the risk to information.
The thing is there are differing types of information and differing types of containers for them.
How much would you give up your laptop for?
http://tech.yahoo.com/blogs/null/154866;_ylt=Av2YyMlmiE8ERpzUwD020zUWLpA5
Remember all those journalists doing the "give you password or a chocolate bar" articles?
Well this seems a lot more realistic - giving up you laptop.
Not just the hardware, but everything on it!
Frightening!
Related articles by Zemanta
- When Should I Choose to Remember My Password? (techie-buzz.com)
- Most common passwords (mybroadband.co.za)
Politician hit by lost documents
http://www.manchestereveningnews.co.uk/news/s/1109560_burnham_sorry_over_security_blunder
We can all see what went wrong here.
1. He should have gone by car and not the train.
2. He should have had the documents on his laptop
3. The laptop should have been tethered in the trunk of the said car.
4. The documents should have been clearly labelled
"*Not* about the F-35"
5. His laptop should have had its patches and AV up to date.
Just one question.
What's with this "hit by"?
That headline is trying to make out that the documents were the guilty - and actively so - party.
Well, perhaps that not the fault of the journalist, perhaps that's the stance the politician is taking 🙂
Related articles by Zemanta
- 4 In 10 People Would Exchange Their Laptop For A Tablet (lockergnome.com)
- Bigotgate: the day the PM joined The Thick of It (guardian.co.uk)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=43ed8d89-8b5f-4dbd-809c-437e3e052a16)
Stolen laptop leads to drug bust
I must admit, this isn't quite what I expected when I read the headline. I was expecting the contents of the laptop that had somehow come into the hands of the police or DEA to contain evidence that lead to the bust. As it was, the recovery was a result of "phone home" software and the
bust was an incidental.
Security software built into a stolen laptop computer led police to a
Hoisington residence on Tuesday. Authorities not only found the
computer, but they also uncovered what appears to be a methamphetamine
lab.
So what is the procedure around the 'phone home' software? Does it
contact the police directly? Does the owner notify the 'phone home'
software vendor and they in turn notify the police when they have a trace?
Detective Denton Doze at the Great Bend Police Department said the
$9,000 computer, along with hand tools and power tools, was stolen
during a burglary reported last Friday at the My Town project, 1419 Main
Street.
That must have been quite some laptop!
As of Wednesday evening, the missing tools had not been accounted for.
Well, obviously. They don't have 'phone home' software that runs when they are used.
Irony
Headline: FTC attorney's laptops stolen
http://www.presstelegram.com/business/ci_3969575
The government agency charged with fighting identity theft said Thursday it had lost two government laptops containing sensitive personal data, the latest in a series of breaches encompassing millions of people.
Can you spell "Irony"?
This goes a bit beyond the bare-faced incompetence that we've grown used to
and come to treat as the new security baseline at the government.
And here's another chunk of Irony:
Many of the people whose data were compromised were being investigated for possible fraud and
identity theft, said Joel Winston, associate director of the FTC's Division of Privacy and Identity Theft Protection.
But what caught my attention in this article was the following:
On Thursday, a House panel was cautioned that credit monitoring alone may not be enough to protect Americans whose names, birth dates and Social Security numbers were compromised at the hands of the government.
During the House hearing Thursday, Mike Cook, a co-founder of a company specializing in data breaches, said identity-theft victims typically don't become aware they've been hurt until six months after their data was stolen, when creditors come calling for money owed.
At that point, it's likely the thieves will have moved on having made just a few purchases so they don't attract notice and started using another victim's information.
As a result, a credit monitoring service would raise a red flag after it was too late, Cook said.
So what's the real use of this credit monitoring that the companies are handing out in the aftermath of privacy failures if its not going to protect you? "Oh, you've had your bank account emptied, your house sold, and your wife has received a divorce notice. And by the way, your credit is non existent but that may be due compute hackers...."
Related articles
- Why Was Capital One Fined for Deceptive Credit Card Practices? (nationaldebtrelief.com)
- SC lawmakers to discuss extended credit monitoring (thestate.com)
- What To Do if You're a Victim of Identity Theft Tax Fraud (community.ally.com)
- Identity Theft: Keeping Safe in an Online World Infographic (veracode.com)
- Ways to Prevent Identity Theft [Infographic] (blogs.lawyers.com)
- Identity theft (themaurergroup.wordpress.com)
- How Important Identity Theft Prevention (howprotectmyid.wordpress.com)
- Tips to avoid becoming an identity theft victim (technology.inquirer.net)
