Musings on personal and enterprise technology (of potential interest to professional technoids and others)

Wednesday, December 12, 2007

software? hardware? TRAINING! "Securing the Laptop: Mission Impossible?" eWeek 11/07

Some relevant vendor products listed here, to help prevent data and/or hardware loss or theft:

Securing the Laptop: Mission Impossible?: Page 2: "...make the USB drive itself the trusted device. RedCannon's KeyPoint Alchemy, for example, encrypts USB devices and implements policy management rules for their use. Similarly, VMware's ACE 2 implements a virtual PC, with security policies, on a USB drive. 'The USB drive is a manageable asset,' Gartner's Girard said. 'It will cost you some money, but you can do it.' The epidemic of laptop thefts has spurred other, more novel approaches. Absolute Software's Computrace LoJack for Laptops works much the same as the LoJack automobile anti-theft device. When a stolen system is connected to the Internet, it sends out a signal that enables it to be traced. The signaling works even if the hard drive is removed and installed in another system..."

However, the huge grain of salt is that "user education and training is a not-to-be-neglected component of any laptop security program.
A recent study by the Computing Technology Industry Association found that only 42 percent of companies had either completed or planned a mobile computing user security education program. Perhaps that reticence has something to do with the difficulty of implementing an effective program.
'How do you communicate to businesspeople in a manner they can understand and relate to?' said Eric Litt, chief information security officer at General Motors. 'That's the skill. It may be more art than science. You have to build credibility.'"

NOTE: A somewhat old but still IMHO highly relevant resource from the US National Institute of Standards and Technology, including suggested topics for security awareness training:

Building an Information Technology Security Awareness and Training Program

No comments: