>If one of your tapes walks out the door with a disgruntled employee, then you >have the wrong guards on the door. They are not just supposed to be there for >decoration. No one person or organization can be responsible for the security >of EVERYTHING. So make sure your guards do their job and you handle encrypting >the external tapes. One system's programmer cannot do it all, nor can they >convince management to buy it all to do it all.
I can not imagine working in an environment where my (and the other 3000 employees') bags are searched as we go in and out of the office. It would take hundreds of guards and would have to involve some form of strip searching. I'm sure this happens in certain forums - I just can't imagine it when there is an alternative to prevent the need in the first place. Another example to argue for all tapes encrypted.... What happens to tapes when they break in your shop? In a perfect world the process should perhaps be ... 1) Change logged in change management system to note what is about to happen. 2) logically remove tape from tape management system 3) Degauss tape with coworker watching 4) Toss tape in locked bin headed for the crusher with coworker watching 5) Record completed event in change management system with names of employees that confirmed activity. HOWEVER... what happens if Mr. new operator simply tosses it in the trash. A few months later the audit turns up a missing tape. You can't find it, and there is no trail to tell you where it went. It is lost and under the breach notification laws as I understand them, that is a notifiable event - even though your employee tells you they threw it in the trash. Thus the notices that say "we're 99% sure its in a landfill". Right or wrong, given our society, I firmly believe that all data will be encrypted everywhere all the time at some point in the not too distant future. But for now, if the media moves, encrypt it. Jeffrey Deaver, Engineer Systems Engineering [EMAIL PROTECTED] 651-665-4231(v) 651-610-7670(p) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html