Advertisement
Promo

Security management Toolkit

Story: PGP: Encryption alone no cure for data breaches

  • Previous comment

Posted by: D Tomlinson (Monday 11 February 2008, 7:37 PM)

  • Reply

Sure: no silver bullets

First you have to close the stable door. Point solutions do this.

Citadels have always had strength in depth from the moat to the keep, unlike HMRC (or firewalls) which neglected basic data security, and the breach took place outside the citadel.

HMRC have to take the minimum precautions of not allowing everyone to browse or download the whole database. And understand password protected zip files are not the state of the art data security, and why data security matters and what is your responsibility. Junior (inadequately trained) staff were required to supply the whole database (in password protected zip files) by people who should know better (but didn't).

Encryption is necessary for mobile data, mobile data is not necessary for HMRC, and supplying the whole database was not a alternative to sterilising the data, for it's intended use, and distribution outside the citadel.

Corporate experimentation and learning is an important activities in their own right. Simple rules can drive complex behavior and solutions come from iteration and experience.

Private message disabled

D Tomlinson

D Tomlinson
n/a
Member since: October 2007

Site Activity Rating:

1

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread


Video icon

Video

Sentry Posts Blog

Security Videos by Industry Leaders

The Academy Pro presents vendor and open source security products in video format. The 500+ free videos cover everything from firewalls, penetration testing, IDS/IPS to NAC and anti-spam.... More

Post a comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Featured Talkback

In association with Network Liberation Movement
It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters