"MI5 laptop snatched"
Ian G Batten
I.G.Batten at ftel.co.uk
Tue, 28 Mar 2000 14:18:28 +0100 (BST)
This is a multi-part message in MIME format...
------------=_954249482-24937-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Md5: jH6S9Zn06Cwmjyv7bD1UGw==
You write:
> The problem is that the business chaps understand the legal/financial
> liability that lies upon them and so takes measures to secure those keys
I beg to differ. You're looking at things from the perspective of a
small to medium enterprise. I've seen some horrors surrounding security
in telco environments, large manufacturing environments and so on, where
security is devolved as a purely rote function which is then pushed down
as a book of rules to be blindly followed. A lot of corporate security
guidelines are followed without any understanding of their function,
either tactically (``why is it a bad idea to write your passwords
down'') or strategically (``why is it a bad idea to have random users
using your machines''). We have endless trouble convincing users that
sharing passwords is a bad idea, for example.
> respective to that liability. If PC Plod then takes those keys, for
> which they have no liability, then they are not so motivated to
> implement appropriate security.
Does a random employee of a multi-national have the aforementioned
``motivation''?
> Cases like this do not suggest the entire physical security
> infrastructure of the intelligence services is rubbish, but it does
> little to inspire confidence.
Ask an IT manager how many laptops they lose a year. They probably
won't tell you, but it won't be zero.
ian
------------=_954249482-24937-0
Content-Type: application/pgp-signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: PGP Information
-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: 1f/m9/LFbIF7MKd1fIAkX9i6R4dyErHM
iQB1AwUBOOCxC8oy0yij3IvtAQGMGwMAx/N7pP3YRcekKMg+OzP3wWH4k1Jg55TF
eRh3w5B2aG6Gzt2WUffvgX3Eo0TjurQ4zRDvNqFt8nty2in+CSaxQIS7rcz6U5cE
MMkSZV3M+u3poqKiyEMPFA8iWliLv0oQ
=921h
-----END PGP MESSAGE-----
------------=_954249482-24937-0--