
Hi

While it is hard (if not impossible) to stop such thefts, a lot depends
on your threat analysis and risk assessment. It is not clear from your
mail about the industry you are in and what your management's perspectives
are regarding this issue. A lot also depends on the premium the management
is ready to put for your information. In my organization, some of the
departments have removed floppy drives/No CD-RW/No Zip Drives from their
systems. They also have a clear policy that requires the employees to get
appropriate permissions before attaching any external storage devices. So
any violation of this policy is subject to disciplinary action. Of
course, alternate arrangements have to be made to ensure that work flow
is not impeded. Does this stop incidents such as those described in your
mail? Definitely not. But it goes a long way in raising the bar and if
you are liable for the information you hold, well the due diligence will
definitely save you in the court of law.

My .01 cent

Cheers


>From: discipulus <[EMAIL PROTECTED]>
>Subject: Physical Security & Protecting Information
>Date: Wed, 12 Mar 2003 20:13:44 -0700
>
>Hi,
>
>I've read a lot of posts on this list and others and a good deal of
>security related articles on this site and others like http://www.sans.org
>and http://www.cert.org. Most of what I have read focuses on network
>and/or computer security but I haven't found very much information that
>focuses on physical security, specifically in the area of protecting
>confidential proprietary company information.
>
>Here's a scenario that should clarify what I'm trying to explain:
>
>Bob who works as a developer for StealOurStuff inc. tells Mary in
>the next cube that he's had a job offer from a competitor, plans to
>quit soon but hasn't told anybody.  In the afternoon the following day,
>Mary notices Bob loading up a box with CDs, floppies and other media,
>including reams of documentation.  She also notices Bob loading this
>box into the trunk of his car at the end of the day.
>
>What can be done to keep this type of potential compromise from
>happening?  From my perspective, even if you have armed
>security guards that check bags & boxes going in and out of a
>building, people can still find creative or not so creative ways to
>get it out.  A standard CD isn't that big and flash cards are even
>smaller.  Are there ways to keep someone from getting the information
>in the first place or at least record what they've obtained?  How
>do you do this when they haven't yet provided notice they are
>leaving and still have access to loads of confidential information?
>
>I've read about corporate espionage cases where a perpetrator
>at one company busts into the network of another company and
>stumbles into a directory named "Proposals" of all things but
>employees who walk out the front doors carrying protected information
>seems just as damaging or more so to me.
>
>Any insight would be appreciated.
>
>Thanks
>
>
