When it comes to information security, all too often the necessary actions aren’t taken until someone really screws something up. The latest example of this comes from the federal government, which recently announced that various departments and agencies had to comply with a set of security standards within the short span of a month-and-a-half. The reason? A laptop with the records of 22.5 million retired and 2.5 million active-duty military personnel was stolen from the home of a Veteran’s Affairs employee, and the device was not secured.
“There was no encryption on the device,” said Andrew Krcik, vice president of marketing at PGP, which provides encryption services for organizational data assets. “They did get it back this week, and there’s no evidence that it’s been tampered with, but in the encryption world that doesn’t mean anything. Lack of any evidence that it wasn’t doesn’t mean that it wasn’t. I don’t think they released the details of how they got it back, but I’ll bet there were a lot of federal resources applied to getting it back. Then, as it turned out, other smaller breaches of data in other agencies came to light afterwards. That has a way of focusing attention.”
Thus, the deputy director of the Office of Management and Budget recently issued an order to all departments in the federal government to comply with a new security mandate within 45 days. That time frame ends on Aug. 7, Krcik said. “They will have to secure all devices…
Please log in or subscribe to read this article