Forwarded from: Mark Bernard <Mark.Bernard@private> Dear Associates, fyi.... I think the biggest fear here, is that incident after incident leaves more and more private information out there floating around for someone with the right resources to accumulate for future use. After all, every hardened criminal knows that there's a cooling off period of several months before the merchandise can be moved or used, but yet industry and government can't stop the bleeding of information. Some might like to suggest that the tapes are gone and we'll never see or hear about them again. However, if you ask any Law Enforcement person they'll tell you that most crimes are perpetrated because the criminal has two advantages, opportunity and time. Based on that fact we have to ask ourselves during our risk management efforts, what have we done to take away time and opportunity? It would appear that in some cases nothing.... And to think that we haven't even begun to address the hardened criminals who make their own time and opportunities. Who deliberately seek out weak links within our risk management chain of custody to exploit them. Every time the same company losses data again and again they get more attention by Cyber Criminals. After all the message that the company is sending with multiple information losses is that they are either to big and incapable of moving quickly enough to shutdown the vulnerability or completely incapable of shutting it down. As for the technology factor, well there are lots of used systems for sale that can handle compressed data. As for encryption, well the key to cracking encrypting is publicly available over the Internet. So you see its a matter of developing a sound strategy and integrating effective risk mitigation techniques based on your specific business needs. Time and opportunity is all that it will take and there will be more news articles like this one..... its currently unavoidable! The only question that we can't answer is who's company will be next and what will be the final result of their losses? ======= beginning of excerpt ========= Iron Mountain Loses More Tapes http://www.informationweek.com/story/showArticle.jhtml?articleID=165701015 By Steven Marlin InformationWeek July 8, 2005 City National Bank has become the second company in two months to experience a loss of backup tapes in transit by Iron Mountain Inc. The Los Angeles-based bank disclosed Thursday that two tapes containing sensitive data, including Social Security numbers, account numbers, and other customer information, were lost during transport to a secure storage facility. The bank said the data was formatted to make the tapes difficult to read without highly specialized skills, but declines to say if they were encrypted. It said there's no evidence that data on the tapes has been compromised or misused. ======= end of excerpt =============== Best regards, Mark. Mark E. S. Bernard, CISM, CISSP, PM, Principal, Risk Management Services, e-mail: Mark.Bernard@private Web: http://www.TechSecure.ca Phone: (506) 325-0444 Leadership Quotes by Kenneth Blanchard: "The key to successful leadership today is influence, not authority." _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed Jul 13 2005 - 03:45:33 PDT