Posted by Volker Hetzer on 09/02/05 17:39

Jerry Stuckle wrote:

> BTW - while you're at it, those who know better than I estimate > 85% of
> successful break-ins are from inside the company.
Yes, right, but if you're talking employees selling data aquired
in their normal course of work, that's kind of hard to avoid unless
you want to start an orwellian nightmare at all workplaces.
I mean, do you really want to look for hidden sd-cards in other
peoples boots? Check the memory of their cellphones? USB watches?
You can do that for Los Alamos or Sandia, maybe some departments
at Lockheed or Raytheon but not for a normal, civilian business.
And, you know, this is germany, land of unions and long term
employment. So, employee disgruntlement is not that much of a problem,
neither are bribed short-term-profiteers.

If, on the other hand, we are talking a bribed cleaning lady, ok,
that's always a problem too. But since we are not the first server
or database in our company we simply follow procedure, keep the
data as safe as the data in the previous system was and make sure
the group of people accessing it doesn't get extended inadvertently
beyond the people that had access to the file share before.

Also, we do know the value of that data and while it's substantial
in terms of work spent on it, it's not medical or business data
and engineers and developers access it all the time. :-)

Lots of Greetings!
Volker

[Back to original message]