Security Basics mailing list archives
RE: The VA Stolen Laptop - Lessons Learned
From: qxlr () twmi rr com
Date: Thu, 14 Sep 2006 05:36:11 -0400
At least with hardware and digital media, there is some attempt by the Feds to secure data. Social Security Administration offers employees the ability to work from home 1 day a week, and has done so for the past 8 years. Security is NON-EXISTENT. These employees do not transport social security files in digital format but, rather the HARD-COPY version. The tasks performed at home work are the same as those performed in the office, and consist of everything from simple "logging and filing of mail" to writing correspondence, preparation of Exhibit Lists in Social Security Appeals cases and entering medical information into the record. The only security requirement: the employee must obtain (at their own expense) a locking 2 drawer file cabinet. No independent verification is ever done to see if the solitary requirement is met. Any individual who is now in contact with SSA, or has in the past 6 years had reason for correspondence/contact with any District or Hearing Office in any Region, (other than typical employer payroll deductions) is at risk. Realize, these are clerical staff - GS 8 is about the highest grade most clerks ever attain. Factor in a 4+ year Grade increase and new hire freeze, rapid depletion of the existing experienced work-force thru retirement and use of temporary, part-time contract staff as a stop gap measure, and the failures that lead to the VA incident pale by in comparison. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: The VA Stolen Laptop - Lessons Learned, (continued)
- Re: The VA Stolen Laptop - Lessons Learned security (Sep 19)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 20)
- RE: The VA Stolen Laptop - Lessons Learned Clement Dupuis (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned intel96 (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 21)
- RE: The VA Stolen Laptop - Lessons Learned Pranav Lal (Sep 25)
- Re: The VA Stolen Laptop - Lessons Learned MandommGmail (Sep 19)
- RE: The VA Stolen Laptop - Lessons Learned Isaac Van Name (Sep 15)