Has the government really got this so wrong?
By silicon.com
Published: 3 August 2006 11:50 GMT
1: The UK government is losing worrying numbers of laptops from key departments.
2: The bodies concerned aren't taking a thorough approach to risk management.
The first point comes from a recent silicon.com Freedom of Information enquiry - or enquiries, to be precise, as we had to approach more than half a dozen departments separately.
The second is really our opinion. But then that is what these articles are all about.
Two departments, Defra and the Department of Health, told silicon.com in response to the enquiry that they do not differentiate between 'lost' and 'stolen' laptops - an approach that ignores one of the most critical elements of risk assessment.
The two departments saw 17 and 18 laptops go astray respectively over the past 12 months but appear to have failed to ask the right questions about how or why.
After all, a laptop that is dropped in the River Thames, for example, poses a far lesser risk than a laptop which is stolen by somebody targeting that specific laptop owner outside their place of work.
Companies must understand where their problem sits on a sliding scale because this isn't even so black and white as 'lost' or 'stolen'. At what point does a lost laptop become stolen? And even within the bracket of 'stolen' laptops it is vital to break it down further and understand exactly what has happened.
Further reading...
♦ Exclusive: Laptop thefts' real gov't data risk
♦ Mobile phones leak from UK government
Was that laptop stolen by an opportunist who thinks they can get £100 'from that bloke down the pub' or was it a targeted theft which suggests the endgame is accessing information on that device? Factors such as location - a theft outside the office is far more worrying than one while sitting outside a restaurant several miles from the office - must play a part in drawing up a clear idea of the level of risk.
Similarly, organisations must correlate these factors with what they know of the data on the laptop and the way it is protected, all the time asking themselves 'how likely is it that data is going to be accessed and how likely is it this theft will come back to haunt us?'.
Too many organisations seem to assume the story ends when an employee reports their laptop missing. Fill in a form, order a replacement and move on. But in truth the story could only just be beginning.
Key Responsibilities / Duties: Own the supporting and troubleshooting of hardware and software across Windows desktops and laptops (engaging with ...
Technical systems and platform design experience gained within the consumer electronics arena - mobile phones, netbooks, Laptops, Sat Nav, PNDs or ...
Maintain a high standard of customer service and communication- Cover all elements if the IS, including desktop computers, laptops, telephones, ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Heath
Let's shine a light into the public sector IT money pit
With £16bn being spent, why is productivity still falling?
Tim Ferguson
BBC is taking tech seriously, so give it a break!
Auntie is the envy of the world but doesn't get the credit it deserves at home...
Peter Cochrane
Peter Cochrane's Blog: Open info for all?
Government stonewalling citizens
Nick Heath
Home Office CIO on taming tech and why ID cards are good news
Interview: Annette Vernon, Home Office CIO
Nick Heath
NHS records, Google and Microsoft: Where do you want your data?
Politicians: Heal thyself
Alan Hunt
NHS network: Time to get secure
Patient data in need of a check up