Tracy R Reed wrote:
And please don't post to or harass that mailing list or you will put a swift end to my anthropological research.
First, the physical security is lacking. The safe was installed badly and had no required monitoring. The purpose of a safe is to slow the thieves down sufficiently so that the monitoring service can send someone to check.
Second, storing the decryption tokens in the same spot as the data to be decrypted shows a lack of experience. If the encryption is doing its job, you don't need to put the tapes into a safe other than for fire safety. And, if fire safety is the objective, you send them offsite. Since they are encrypted, even if they get lost, it's not a security breach.
Translation: it sounds like someone is trying to cover their ass. My guess is that somebody ignored recommendations about the physical security (which is expensive) and is trying to weasel out of it afterward.
-a -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
