Great article in the London Times this morning entitled "We have the technology, but no security." Author Simon Davies goes through the laundry list of compromises that have hit the British government over the past year and correctly comes to the conclusion that it is a lack of standards, policy, and understanding about data security that lead to a culture of carelessness.Hackers in Britain don't need to scan servers for vulnerabilities nor do they have to prepare "spear phishing" attacks to compromise desktops within the government... they just need to walk around the street and look for discarded DVDs and USB key drives. Their problems are definitely on the people and process side of the security triad (people, process, technology).
I hope someone in the British government takes control of the situation and institutes an educational program coupled with a strong encryption and data access policies with the necessary technical controls to help enforcement.
Related Articles
- Britain 'worst in Europe for privacy'
- Information on thousands of prisoners missing
- UK gov't loses 4 million citizens' personal info
- Pitfalls of miniaturisation as PA Consultancy loses prisoners' details
- UK Government Spills Personal Data of Millions
- Thousands of personal records lost each month
- Tories call for data loss prosecutions
- UK gov't loses personal data on 4M people in one year
No comments:
Post a Comment