Comments on: MOD Laptop ‘anomalies’ = systemic failure http://www.alancalderitgovernanceblog.com/2008/07/mod-laptop-anomalies-systemic-failure/ Alan Calder, author of "IT Governance: a Manager's Guide to Information Security and ISO27001/ISO27002", talks about current governance and information security issues. Sun, 03 Oct 2010 05:23:49 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Bogdan Dragomir http://www.alancalderitgovernanceblog.com/2008/07/mod-laptop-anomalies-systemic-failure/#comment-7 Bogdan Dragomir Mon, 15 Sep 2008 15:53:54 +0000 http://84.18.207.66/~alancald/?p=212#comment-7 That is interesting, it might not be an average of 10000, but that might represent the top losses; I believe that the question asked at the end of the article is a valid one "what happens with all those laptops?" Anyway, the "silver bullet" against loosing the laptop is as usual increased user awarenes. As for the confidential data existing on the laptop, ...there are several solutions such as: using a folder/file encryption software (folder lock), using a whole disk encryption solution (drivecrypt, pgp), not storing confidential data on your laptop ... or the OL' method and highly recommended: don't buy/travel (with) a laptop unless you have the ability to take care of it!! That is interesting, it might not be an average of 10000, but that might represent the top losses; I believe that the question asked at the end of the article is a valid one “what happens with all those laptops?” Anyway, the “silver bullet” against loosing the laptop is as usual increased user awarenes. As for the confidential data existing on the laptop, …there are several solutions such as: using a folder/file encryption software (folder lock), using a whole disk encryption solution (drivecrypt, pgp), not storing confidential data on your laptop … or the OL’ method and highly recommended: don’t buy/travel (with) a laptop unless you have the ability to take care of it!!

]]> By: Svavar Ingi Hermannsson http://www.alancalderitgovernanceblog.com/2008/07/mod-laptop-anomalies-systemic-failure/#comment-6 Svavar Ingi Hermannsson Mon, 15 Sep 2008 15:52:49 +0000 http://84.18.207.66/~alancald/?p=212#comment-6 speaking of losses running into the thousands, did any one read results from the study posted last month where it says that more than 10.000 laptops go missing at US airports each week! that's 10.000 laptops each week? I've never lost a laptop and I have a really hard time understanding how so many laptops can go missing each "week" http://www.engadget.com/2008/07/06/study-says-more-than-10-000-laptops-go-missing-at-us-airports-ea/ speaking of losses running into the thousands, did any one read results from the study posted last month where it says that more than 10.000 laptops go missing at US airports each week!

that’s 10.000 laptops each week? I’ve never lost a laptop and I have a really hard time understanding how so many laptops can go missing each “week”

http://www.engadget.com/2008/07/06/study-says-more-than-10-000-laptops-go-missing-at-us-airports-ea/

]]> By: Bogdan Dragomir http://www.alancalderitgovernanceblog.com/2008/07/mod-laptop-anomalies-systemic-failure/#comment-5 Bogdan Dragomir Mon, 15 Sep 2008 15:48:25 +0000 http://84.18.207.66/~alancald/?p=212#comment-5 I would guess that the number of laptops is a bit less important from the security stand point as long as all of them should have a full disk encryption deployed. How would you verify if all of them have the encryption active is simple by setting a software push taking place once the laptop comes to life. Lost of laptops is unlikely to be stopped; however you are right diminishing its number would reflect in decreased potential exposure. If working offline wouldn't be a requirement I would suggest enabling using laptops as "thin clients" and work on remote systems... "How does the MOD know that actual laptop losses aren't running into the thousands?" that should be quite easy to figure out through periodic audit against machine network authentication. Best regards, Bogdan Dragomir http://rosecurit.eu rosecurit@rosecurit.eu I would guess that the number of laptops is a bit less important from the security stand point as long as all of them should have a full disk encryption deployed. How would you verify if all of them have the encryption active is simple by setting a software push taking place once the laptop comes to life. Lost of laptops is unlikely to be stopped; however you are right diminishing its number would reflect in decreased potential exposure. If working offline wouldn’t be a requirement I would suggest enabling using laptops as “thin clients” and work on remote systems…
“How does the MOD know that actual laptop losses aren’t running into the thousands?” that should be quite easy to figure out through periodic audit against machine network authentication.

Best regards,
Bogdan Dragomir
http://rosecurit.eu
rosecurit@rosecurit.eu

]]>