Via FCW.com -
The Veterans Affairs Department lost another laptop PC, but the department was better prepared this time.
When an employee at VA’s Austin Corporate Data Center in Texas had his laptop stolen from his apartment last month, the department’s revamped security policies and new security technologies were put to the test. Unlike what happened when a VA laptop was stolen in 2006, data on the newly missing laptop was protected by encryption, and VA officials knew exactly what equipment was missing.
“The safety net held,” said Adair Martinez, VA’s deputy assistant secretary for information protection and risk management. “Even though it can be hard to carry out some of the controls we require, the reward is that government information can’t be violated.”
In May 2006, when another employee had a laptop stolen that contained millions of veterans’ records, VA quickly established new policies, procedures and technology fixes to tighten data security. Experts say this latest VA incident shows that the department learned from its experience.
VA protected the laptop with GuardianEdge full-disk encryption. No one lacking proper authentication could do more than turn on the computer. The encryption software would block unauthorized users from accessing the data, Martinez said.
------------------
Good news, but lets not just assume the data is safe because it is encrypted.
The VA should look at this case as an example of raising the secuirty bar.
Just because the bar is higher doesn't mean that people can't get over it.
Sure you have reduced the number of people that can...but security isn't a switch, it is a process...a never ending process.
No comments:
Post a Comment