Comments on: Data breaches: High percentage attributable to lost laptops, just like we’ve been saying http://blog.mylaptopgps.com/2008/10/27/data-breaches-high-percentage-attributable-to-lost-laptops-just-like-weve-been-saying/ Laptop Computer Security Tue, 09 Mar 2010 21:54:58 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: dan http://blog.mylaptopgps.com/2008/10/27/data-breaches-high-percentage-attributable-to-lost-laptops-just-like-weve-been-saying/comment-page-1/#comment-1536 dan Tue, 14 Apr 2009 16:17:21 +0000 http://blog.mylaptopgps.com/?p=83#comment-1536 It's custom-built (custom theme). It’s custom-built (custom theme).

]]> By: alex farguson http://blog.mylaptopgps.com/2008/10/27/data-breaches-high-percentage-attributable-to-lost-laptops-just-like-weve-been-saying/comment-page-1/#comment-1530 alex farguson Mon, 13 Apr 2009 03:47:07 +0000 http://blog.mylaptopgps.com/?p=83#comment-1530 I like this theme you are using... what is it? I like this theme you are using… what is it?

]]> By: dan http://blog.mylaptopgps.com/2008/10/27/data-breaches-high-percentage-attributable-to-lost-laptops-just-like-weve-been-saying/comment-page-1/#comment-174 dan Wed, 29 Oct 2008 03:04:37 +0000 http://blog.mylaptopgps.com/?p=83#comment-174 Mr. Franks, Indeed, some excellent points. One of the clear factors creating the greatest challenge right now is actually the age-old bane of the system administrator or security officer: user apathy. Of course, downright maliciousness on the part of users is also a big problem, but it's much more common to have "benevolently lazy and non-compliant" users than to have many outright malicious ones. So, as you mention--*laxity* is a very big deal. Users resist security models, practices, policies and procedures designed to protect them and the business. They do what they want to do and get irritated at any hurdle--even such as a password. There are a number of valid points you raise, and I'd highlight that on at least *one* vector, this apathy issue, we're trying to address the problem with technology that is: 1) Solid and reliable 2) Effective AND 3) Unobtrusive This #3 is more an more important--by protecting users without having to "ask them" first (big oversimplification), we find much more success. And the security officers like that! Thanks again for the great feedback. Mr. Franks,

Indeed, some excellent points. One of the clear factors creating the greatest challenge right now is actually the age-old bane of the system administrator or security officer: user apathy.

Of course, downright maliciousness on the part of users is also a big problem, but it’s much more common to have “benevolently lazy and non-compliant” users than to have many outright malicious ones.

So, as you mention–*laxity* is a very big deal. Users resist security models, practices, policies and procedures designed to protect them and the business. They do what they want to do and get irritated at any hurdle–even such as a password.

There are a number of valid points you raise, and I’d highlight that on at least *one* vector, this apathy issue, we’re trying to address the problem with technology that is:

1) Solid and reliable
2) Effective

AND

3) Unobtrusive

This #3 is more an more important–by protecting users without having to “ask them” first (big oversimplification), we find much more success. And the security officers like that!

Thanks again for the great feedback.

]]> By: John Franks http://blog.mylaptopgps.com/2008/10/27/data-breaches-high-percentage-attributable-to-lost-laptops-just-like-weve-been-saying/comment-page-1/#comment-172 John Franks Tue, 28 Oct 2008 18:05:52 +0000 http://blog.mylaptopgps.com/?p=83#comment-172 In the realm of risk, unmanaged possibilities become probabilities: These data breaches and thefts are due to a lagging business culture. As CIO, I'm always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." We keep a few copies kicking around - it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects and in the face of challenging change, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices. The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. The real crux of the matter is education and training to the organization as a whole – and a recurring schedule of training – in building a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action. I like to pass along things that work, in the hope that good ideas continue to make their way to me. In the realm of risk, unmanaged possibilities become probabilities: These data breaches and thefts are due to a lagging business culture. As CIO, I’m always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium.”
We keep a few copies kicking around – it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects and in the face of challenging change, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.
The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html
The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. The real crux of the matter is education and training to the organization as a whole – and a recurring schedule of training – in building a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
I like to pass along things that work, in the hope that good ideas continue to make their way to me.

]]> By: Aaron Wakling http://blog.mylaptopgps.com/2008/10/27/data-breaches-high-percentage-attributable-to-lost-laptops-just-like-weve-been-saying/comment-page-1/#comment-167 Aaron Wakling Mon, 27 Oct 2008 20:15:22 +0000 http://blog.mylaptopgps.com/?p=83#comment-167 Hi. I read a few of your other posts and wanted to know if you would be interested in exchanging blogroll links? Hi. I read a few of your other posts and wanted to know if you would be interested in exchanging blogroll links?

]]>