Prof John Walker - (Europe) Close Encounters with Information Leakage
Master Data Management

Prof John Walker - (Europe) Close Encounters with Information Leakage

Traveling around the UK from London, Birmingham, Manchester, on to the wilds of Scotland, one may observe that the opportunities for encountering information leakage are very common. In fact, such has my interest grown in encountering potentials for information exposure and compromise, I have recorded my discoveries.


I'll start with the UK-based National Building Society, residing at an office just off Covent Garden, London. In this example, the society in question were very methodical and tidy, and every week or so they placed their business waste on the public pavement for pick-up by the refuse collection service. However, close examination revealed that the clear see through bags contained shreddings which were so wide, they were capable of containing complete font characters. To make matters even worse, armed with only a roll of tape, the shredding could be reconstructed with ease, and thus revealing the supposedly secure content.

Travelling Northbound, the next close encounter relates to a windscreen replacement business located in the City of Derby. The company in question had gone into liquidation as a consequence of the economic downturn and thus vacated their premises. The problem was, all of their left over paper based assets were cleared out, dumped into a skip. They contained credit card details, names, addresses, telephone numbers, and so on (including mine) - a matter which also attracted the attention of the local press.

Yet another close encounter with information leakage took place in Glasgow, Scotland. Where again, as with the London example, whilst paper based information had been subjected to shredding, it was facilitated by a device which was inadequate at providing complete destruction of a paper based information asset.

The next example takes it to another level, and has the potential to manifest in the most serious close encounter for information leakage of all. Taking a shortcut through a back street in Scotland, I came across an unattended loading bay with its doors wide open. To my amazement, I not only observed a pile of PCs and printers awaiting shipment, but I was even able to walk in and examine the merchandise. As to what information assets these devices contained I am unsure - who knows, they may have been subject to some secure erasure, but looking at the company's application of physical security, I do have my doubts! See Fig 1.

                            Fig 1.

computersAt the end of the day, whether it is waste paper based assets or technological components, assets like these still pose a risk after they have been taken out of operational use. To ensure any pre-owned data is rendered unrecoverable, these waste products should be handled with an appropriate level of security.

 

Professor John Walker is part of the  London Chapter ISACA Security Advisory Group  and Director of CAMM

 

 

 

PREVIOUS ARTICLE

«Indus Khaitan (India) - How the Adoption of Internet Leads to a change in Information Consumption

NEXT ARTICLE

Matt Johnston (North America) - Eight Best Practices for Identity and Access Management »

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should we donate our health data the same way we donate organs?