
Yet Another Laptop Theft...This One With Info About 26.5 MILLION Military Vets

There was a widely reported Reuters story today, "Data on 26.5 million veterans stolen from home," about yet another laptop theft with massive amounts of personal information stored upon it. The theft took place sometime this month. Data included names, Social Security numbers and birthdates.

The Department of Veterans Affairs spokesperson indicated the employee took home this large amount of data in violation of "rules and regulations and policies."

Well, it is good they had these policies in place. Policies cannot prevent people from doing the wrong things, but they are necessary to establish the expectations for appropriate business activities, and the security framework for an information handling and processing environment.

Hopefully there are some strong sanctions policies also in place. The employee was put on administrative leave during the investigation.

Policies, though, will be ineffective if they are not communicated to personnel...people cannot be expected to do the right thing if they are not told what the right thing is. Is there a strong information security education program in place at these companies where such incidents are occurring? I think of the oft-quoted Rumsfeld line when these incidents occur, and I question whether there is adequate awareness and training in place: "But there are also unknown unknowns - the ones we don't know we don't know." Your personnel don't know that they don't know about information security risks if you have not been communicating with them. This is a huge risk...ignorance is definitely not bliss for your organization. Companies need to start beefing up their awareness and training efforts or these types of senseless and avoidable incidents will continue to occur.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.