Features
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Newsletter Subscription
Some of the most sensitive digital data in London resides on the servers of the City of London Police - and a great deal of effort goes into making sure that it isn't downloaded onto portable devices and then lost or stolen.
Some of the precautions are technical, says Gary Brailsford, CIO and head of information management at the City of London Police, which is tasked with policing London's financial district, the so-called "Square Mile". (The Metropolitan police force handles the general policing of London.) Officers' desktop computers, for example, are configured so that data must be stored on secure, centrally-managed network drives, rather than local C: drives. The use of e-mail for file sharing is actively discouraged, and is monitored. Software from security vendor DeviceLock prevents data being downloaded onto floppy drives or USB "thumb" drives. And when it is necessary to use portable media - for instance, so that data can be shared with external agencies such as the Crown Prosecution Service and the Serious Fraud Office - the department has a preferred device: MXI Security's Stealth MXP biometric USB drive.
Rather than just leaving it up to officers to decide when they can use the biometric USB drive, however, the department has created a detailed risk-assessment policy - one that not only establishes a framework for making decisions, but also allows officers insight into the process.
Here's how it works. Before an officer can download any data onto removable media, he or she must file a formal application to do so, and explain what information is involved, how sensitive it is, its security classification, why downloading is required, what steps will be taken to protect it, and what the consequences of loss might be.
Based on the answers, officers themselves can then apply two scoring methodologies used by decision makers - one for risks involved in sharing the data, the other for benefits accruing. In doing so, they can see the likelihood of their request being granted, and at what security level the decision will be made. This part of the form isn't mandatory, explains Brailsford, but is included for informational purposes and to demonstrate transparency into the process.
Completed applications that show excessive risk without the necessary benefit are turned down, Brailsford says. Alternatively, officers requesting permission to, say, download data onto CD-ROMs might be directed to use more secure means, such as the biometric USB device. As a final backstop, the downloading of information with the very highest security classifications is simply prohibited.
"The intention is to encourage the officer to make a judgment call about the desirability of downloading the data in question," Brailsford says. "It's not about blindly asking permission, and filling in the questions. Officers need to think about the fuller implications of what they are asking for, and weighing the risks and the benefits."
Click here to see an excerpt from the risk assessment, including the scoring mechanism.
2008 CIO Summit
19th August, 2008 Four Seasons Hotel, Sydney Developed in partnership with CIO Magazine, IDC, INTEP and the CIO Executive Council.
The world of the CIO is extremely complex and diverse. Multiple priorities demand attention and decisions are needed instantly. Individual teams need to be driven towards common goals, and businesses strive to become more mobile, agile and responsive. For CIOs, the challenge never ends.
Every year the CIO Summit identifies what is top of mind for CIOs across Australia and New Zealand, and offers insight for CIO benchmarking and vendor strategic planning alike.
Recent IDC research shows that over 59% of CIO's believe that 'to achieve their business strategies, technology should be used more aggressively than today.'
Join us on August 19th to discover how this is possible with the latest technologies including Virtualisation, Web 2.0, IP Surveillance and Software as a Service (Saas).
Please email Denyse_Robertson@idg.com.au for further information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Phishing botnet expands by hacking legit sites 15 May, 2008 08:10:59
Plants SQL injection attack tool on bots, hacks business, education sitesA botnet is now using a SQL-injection attack tool designed to hack legitimate Web sites, a move meant to add more hijacked PCs to its collection, according to a security researcher. - +
Which IT security skills are most important? 14 May, 2008 09:21:43
There are two types of security skills that might be needed in a company: tactical security operations and strategic risk management.I often hear from IT executives that it is hard to recruit and retain "good security people." Many lament the shortage of skills in this area and cannot reconcile the skills offered with the positions that need to be filled. Is there really a shortage of good security people? Or just a mismatch in the skills and the jobs? - +
Icy encryption tool protects laptops from "cold boot" attack, vendor says 14 May, 2008 08:36:43
Vulnerable encryption keys erased by HyBlue's IceLockThe vendor HyBlue says it can prevent the "cold boot" encryption hack discovered by Princeton researchers with a laptop security product announced Tuesday. - +
Great Wall of Australia: Industry cops sanitised Internet 14 May, 2008 16:45:04
Content filtering gets budget go-aheadCommunications Minister Stephen Conroy has pushed ahead with the controversial [[artid:420013177|national content filtering scheme|ISP filtering]] with a $125.8 million budget allocation announced today. - +
Hacker writes rootkit for Cisco's routers 15 May, 2008 07:07:51
A hacker has written rootkit software that works on Cisco's routers.A security researcher has developed malicious rootkit software for Cisco Systems' routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic.
Quantum announces General Availability of Industry's First Solution Designed to Match De-Duplication Functionality to Specific B 16 May, 2008 10:44:00
Hansen Technologies Extends Contract With Tokyo Electric Power Company 16 May, 2008 09:44:00
More Than 140 Higher Education Institutions Worldwide Use RightNow on Demand CRM 15 May, 2008 18:06:00
DST International Names Rob Gould as Director of Business Development and Strategy for Australia 15 May, 2008 15:40:00
WatchGuard Issues 45 Day IT Network Security Reminder for Achieving PCI DSS Compliance 15 May, 2008 11:33:00
|
||
|
||
|
|
||
|
The State of Internet Security
Email security threats are having a significant impact on businesses worldwide. Discover the most critical email security-related concerns, and get expert advice, current industry data, trends and learn the essential steps to protect your corporate email.
Subscribe to CIO
