Advertisement
Promo

Security management Toolkit in association with http://ad.doubleclick.net/clk;214682528;14505427;f?http://uk.blackberry.com/ataglance/security/

In association with Network Liberation Movement

Talkback

Post a comment


Story: PGP: Encryption alone no cure for data breaches

  • Previous comment

Posted by: D Tomlinson (Monday 11 February 2008, 7:37 PM)

  • Reply

Sure: no silver bullets

First you have to close the stable door. Point solutions do this.

Citadels have always had strength in depth from the moat to the keep, unlike HMRC (or firewalls) which neglected basic data security, and the breach took place outside the citadel.

HMRC have to take the minimum precautions of not allowing everyone to browse or download the whole database. And understand password protected zip files are not the state of the art data security, and why data security matters and what is your responsibility. Junior (inadequately trained) staff were required to supply the whole database (in password protected zip files) by people who should know better (but didn't).

Encryption is necessary for mobile data, mobile data is not necessary for HMRC, and supplying the whole database was not a alternative to sterilising the data, for it's intended use, and distribution outside the citadel.

Corporate experimentation and learning is an important activities in their own right. Simple rules can drive complex behavior and solutions come from iteration and experience.

View complete profile

Private message disabled

View all posts

D Tomlinson

D Tomlinson
n/a
Member since: October 2007

Site Activity Rating:

1

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security management


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

5 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment

Featured Talkback

In association with Network Liberation Movement
It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters