SecurityFocus

USB pen drive policy Jun 06 2006 03:30AM
Kosala Atapattu (kosalaa carcumb com) (4 replies)

Re: USB pen drive policy Jun 06 2006 11:18AM
Mark Waghorne (mark_waghorne yahoo co uk)

RE: USB pen drive policy Jun 06 2006 11:17AM
Ellenburg, George (GELLENBR southernco com)

Re: USB pen drive policy Jun 06 2006 05:14AM
Samir Pawaskar (samirp emirates net ae)

RE: USB pen drive policy Jun 06 2006 04:27AM
Wilson Wong (wilson wong netrust net) (1 replies)

Re: USB pen drive policy Jun 06 2006 05:13AM
Paul W Brager Jr CISSP CISM (paul-brager houston rr com) (2 replies)

Re: USB pen drive policy Jun 06 2006 11:31AM
ljknews (ljknews mac com) (1 replies)

Re: USB pen drive policy Jun 06 2006 02:49PM
paul-brager houston rr com

RE: USB pen drive policy Jun 06 2006 05:32AM
Jose Varghese (jose varghese paladion net) (1 replies)

Building security awareness is the key.

Technology keeps changing - mobile phones with disk drives. These
technologies are quite handy. I feel it is counterproductive to try and ban
their usage. Educate the users on the risks and provide them the tools to
use them securely!

-----Original Message-----
From: Paul W Brager Jr CISSP CISM [mailto:paul-brager (at) houston.rr (dot) com [email concealed]]
Sent: Tuesday, June 06, 2006 10:44 AM
To: wilson.wong (at) netrust (dot) net [email concealed]; 'Kosala Atapattu'; bs7799 (at) securityfocus (dot) com [email concealed]
Subject: Re: USB pen drive policy

Kosala,

The main thing with pen drives and another "portable" storage is to define
in the policy that these devices be protected by a demonstrable encryption
mechanism, with sufficient strength to protect the data contained on them.
In general, most of the devices come with some rudimentary encryption
software, but I would recommend standardizing on something like PGP, where a
high strength key can be used to encrypt the data. Obviously, the safest
course of action is not to use them for corporate data - however, knowing
that sentiment is unrealistic, it is our task as security professionals to
meet the "customer" where they are, to the extent it is feasible. Hope this
helps.

Paul W Brager Jr CISSP CISM
Information Security Professional
paul-brager (at) houston.rr (dot) com [email concealed]

----- Original Message -----
From: "Wilson Wong" <wilson.wong (at) netrust (dot) net [email concealed]>
To: "'Kosala Atapattu'" <kosalaa (at) carcumb (dot) com [email concealed]>; <bs7799 (at) securityfocus (dot) com [email concealed]>
Sent: Monday, June 05, 2006 11:27 PM
Subject: RE: USB pen drive policy

: Hi,
:
: My experience is that through a security audit, some auditors would look
at
: the mobile hard disk and pen drive as possible security leakage and would
: recommend some sort of security.
:
: You could check out www.mysecuredoc.com on their media security. Yes I am
: selling this stuff but do consider this on its merit and comment.
:
: Wilson
:
: -----Original Message-----
: From: Kosala Atapattu [mailto:kosalaa (at) carcumb (dot) com [email concealed]]
: Sent: Tuesday, June 06, 2006 11:30 AM
: To: bs7799 (at) securityfocus (dot) com [email concealed]
: Subject: USB pen drive policy
:
:
: Hi all,
:
: Is there any one use a USB pendrive policy? I was just wondering how to
: handle USB pendrives since there capacities are increasing by day and
: becoming a potential threat of Information leakage.
:
: At the same time USB pendrive have become some thing we can't get rid
: of, there uses overwhelm user productivity in some cases (people take
: work home..:)).
:
: Has any one come across similar Policy regarding USB pen drives. Any
: comment highly appreciated.
:
: Kosala Atapattu
:

[ reply ]

Re: USB pen drive policy Jun 06 2006 05:53AM
Kosala Atapattu (kosalaa carcumb com) (2 replies)

Re: USB pen drive policy Jun 06 2006 07:03AM
Maurice Smit (m smit dsinet org)

RE: USB pen drive policy Jun 06 2006 06:12AM
Jose Varghese (jose varghese paladion net)