Re: More personal details lost
 

Even if it was, why was it left in a car overnight?

---------- Post added at 21:45 ---------- Previous post was at 21:03 ----------

http://news.bbc.co.uk/1/hi/england/devon/7198043.stm

It'll all be ok though because Peter Hain has ordered an immediate enquiry :rolleyes:

Enquiries into sleaze, corruption and incompetence seem to be about our only growth industry these days :mad:

Of course HMG and the companies involved take this sort of thing extremely seriously don't they - just makes you wonder why it keeps happening then!

Re: More personal details lost
 

Why was sensitive data allowed to leave a secure building? Hasn't anyone at the MoD heard about VPN?

Re: More personal details lost
 

Like I said, no patch for human stupidity ;)

---------- Post added at 09:37 ---------- Previous post was at 09:36 ----------

TBH, provided data has been adequately enrypted it shouldn't be an issue where the data is being carried. To all intents and purposes, a properly secured/encrypted laptop should be nothing more than a dull grey paper-weight when turned off.

Besides, given how crap they are at keeping laptops secure would you really want them having VPN access across the Internet from their home computers to your data :D

Re: More personal details lost
 

Yes but one which has been paid for by the tax payer and ought to be looked after.

Re: More personal details lost
 

Agreed, my point went not to the appropriate security of a physical asset purchased from the public purse, but rather to the logical security of the data contained within it following a physical loss.

There's no excuse (or patch, as I've said previously) for the sheer stupidity of leaving that item on plain view in a car.

Re: More personal details lost
 

I think it's worse than stupidity - I think there's widespread institutionalised disregard for public assets (including information).

Re: More personal details lost
 

Certainly the number of incidents that are currently coming to light would seem to suggest that, I wouldn't be one to suggest that it's the norm though.

Re: More personal details lost
 

Sadly I really think it might be more the norm than you think. I reckon incidents of stupidity like this happen all the time and only a tiny few ever result in a loss - those are the ones we hear about.

Re: More personal details lost
 

You're probably right, because the headline:

"MoD Loses Fully Encrypted, 6 Year-Old, Laptop. Personal Details Perfectly Safe."


Isn't going to sell many papers.

Personally, the loss of the laptop is almost inconsequential. Yes, it's a few hundred pounds out of the public purse, but you could recover that by fining some of the big businesses that run millions of pounds over budget on Government contracts - now that would make the headlines wouldn't it (although, as usual, probably in a negative sense):

"Thousands of Jobs at Risk as Government Penalises UK Industry."

Anyway, it's not the asset that's the issue here, it's the information that it contained.

Re: More personal details lost
 

That's true of course - but where an attitude of sloppiness is allowed to prevail it's only a matter of time before something goes badly wrong. MRSA and the like have been allowed to take hold of our hospitals due to sloppy cleaning and basic hygiene practices and at what cost?

Re: More personal details lost
 

Sensitive data should not be carried on a laptop (or CDs or DVDs) without adequate security measures in place. What is the justification for doing so?

The VPN access should be restricted to an authorised piece of hardware.

Re: More personal details lost
 

Did you read the bit where I said 'provided it's adequately encrypted'? If it is then that data isn't at risk. At that point, any justification only needs to be strong enough to outweigh the inherent risks invoved. If the laptop uses encryotion that fully protects the data then your risk is simply to the loss of the asset (if you ingnore the miniscule possibility that the encryption could be broken). Given the ever increasing need for people to work at locations other than their own, and the poor interconnections that I would imagine exist between disperate Government sites at a multitude of locations, the use of a laptop for mobile working actually becomes a sensible option as it enables important work (the defence of the nation for example) to continue unabated.

It's only idiots like this that lose, or have stolen from their car, their laptop that even cause this to become a public issue. By the way, we all seem to be working under the assumption that the details on that laptop are now in the hands of the 'bad guys', have the MoD said whether there was any encryption protecting the data yet?



And what would that piece of hardware be?

Re: More personal details lost
 

If they can't be trusted to keep an eye on a laptop, how can they be trusted to ensure that appropriate encryption was in place?

Exactly. Would you trust a monkey with a hand grenade, even though the pin was securely in place when you handed it to him?

I think we ought to assume that. Or is "don't worry, a chav stole it" meant to pacify the situation?

Erm... a laptop?

Suppose this guy's job was to telephone potential recruits into the armed forces. He wouldn't need all 600,000 names on his laptop, would he? He could VPN to a secure server and get one telephone number at a time.

It isn't rocket science...

Re: More personal details lost
 

But..... if the laptop is properly encrypted then the details that were on the laptop won't be in anybody's hands. That was my point, hence the specification that it was the 'details' that were in their hands (and not the laptop) and the question I asked about the encryption (which you cleverly chose to edit out of the quote you made).

And that laptop would be secured how? What happens if someone breaks into his home? How do you know that you can trust someone to have an unmonitored lapto in their home for extended periods of time? What if someone in their family compromises it (unlimited access, unlimited time) and subverts the VPN?

Even if they're using VPN there is still some processing occuring on the device, what about that information? How would you protect that?

Re: More personal details lost
 

Sorry, didn't mean to misquote you. I accept that proper encryption means the data is secure, but I guess I don't trust these guys.

The scenarios you describe are possible, but less likely than having a laptop stolen. Also, the server could be programmed to release only a certain number of names and addresses on any given day, to stop unauthorised downloads of the entire database.

I'd like to know why anyone would need 600,000 names and addresses on a laptop in a car. :shrug: