(((The major new threat in computer security: just plain
losing stuff. Flash drives, laptops, palmtops cram full of
Gopod only knows what... It's the size of your thumb!
It's got four, five gigabytes of whatever you thought was important,
once upon a time! Then it tumbles out of your cargo pants while you're fishing for change for a parking meter... And there are MILLIONS
of them. Millions....)))
–Survey Finds Laptops, Handhelds Pose Significant Data Security Risk
(16 August 2006)
A recent survey of 484 technology professionals indicates that 81
percent of companies in the US lost laptop computers that held sensitive data last year. Handhelds and laptops posed the greatest risk to sensitive data, according to survey results; Universal Serial Bus (USB) sticks, desktops and shared file servers followed.
More than half of the respondents said data on USB drives are not protected; twenty percent said at least one USB drive holding data is lost each month at their workplaces. More than half of the companies surveyed said they would not be able to determine what information was contained on missing USB drives and nearly half of respondents said they would not be able to determine the information contained on handheld devices.
(((Nobody even keeps count! It's not possible. It's like
keeping count of sticks of gum.)))
Sixty-four
percent of respondents said they had never compiled an inventory of
sensitive consumer or employee data. The survey was a joint effort
between the Ponemon Institute LLC and Vontu Inc
http://www.usatoday.com/tech/news/computersecurity/2006-08-15-thumbdrives-stolen_x.htm
[Editor's Note (Honan): The statistic that strikes me as most worrying
from this survey is the large amount of respondents who do not have an inventory of the sensitive data they are supposed to be protecting. Not knowing where sensitive data is located will result in inadequate
controls being put in place and a high probability of a breach
occurring.]
(((You can't have an inventory without a taxonomy. If you have
oceans of data in a forest of thumb drives, you cannot compile
a taxonomy. There is no hierarchy. There is no authoritative
filing system that would enable a taxonomy. You cannot distinguish public or private or secure or insecure. It's like trying to make a swarm of bees fly in a bombing formation. It can't happen.)))
