Security Basics mailing list archives

RE: The VA Stolen Laptop - Lessons Learned

From: qxlr () twmi rr com
Date: Thu, 14 Sep 2006 05:36:11 -0400

At least with hardware and digital media, there is some attempt by the 
Feds to secure data. Social Security Administration offers employees 
the ability to work from home 1 day a week, and has done so for the 
past 8 years. Security is NON-EXISTENT. 
These employees do not transport social security files in digital 
format but, rather the HARD-COPY version. The tasks performed at home 
work are the same as those performed in the office, and consist of 
everything from simple "logging and filing of mail" to writing 
correspondence, preparation of Exhibit Lists in Social Security 
Appeals cases and entering medical information into the record. The 
only security requirement: the employee must obtain (at their own 
expense) a locking 2 drawer file cabinet. No independent verification 
is ever done to see if the solitary requirement is met. Any individual 
who is now in contact with SSA, or has in the past 6 years had reason 
for correspondence/contact with any District or Hearing Office in any 
Region, (other than typical employer payroll deductions) is at risk. 
Realize, these are clerical staff - GS 8 is about the highest grade 
most clerks ever attain. Factor in a 4+ year Grade increase and new 
hire freeze, rapid depletion of the existing experienced work-force 
thru retirement and use of temporary, part-time contract staff as a 
stop gap measure, and the failures that lead to the VA incident pale 
by in comparison.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: The VA Stolen Laptop - Lessons Learned, (continued)
- - - Re: The VA Stolen Laptop - Lessons Learned security (Sep 19)
    - Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 20)
    - RE: The VA Stolen Laptop - Lessons Learned Clement Dupuis (Sep 20)
    - Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 20)
    - Re: The VA Stolen Laptop - Lessons Learned intel96 (Sep 20)
    - Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 21)
    - RE: The VA Stolen Laptop - Lessons Learned Pranav Lal (Sep 25)
  - Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 15)
- Re: The VA Stolen Laptop - Lessons Learned Rockit (Sep 18)
  - Re: The VA Stolen Laptop - Lessons Learned MandommGmail (Sep 19)
- RE: The VA Stolen Laptop - Lessons Learned qxlr (Sep 14)
- Re: RE: The VA Stolen Laptop - Lessons Learned krymson (Sep 15)
- RE: The VA Stolen Laptop - Lessons Learned Scott Ramsdell (Sep 15)
  - RE: The VA Stolen Laptop - Lessons Learned Isaac Van Name (Sep 15)
- Fw: The VA Stolen Laptop - Lessons Learned bhrugvish.gore (Sep 26)