21 Jul 2008
More than 650 laptops have been stolen from the Ministry of Defence (MoD) over the past four years, more than twice the number previously claimed.
And 121 USB memory sticks have been lost in the same time period.
Previously the MoD had confirmed that 347 laptops were stolen between 2004 and 2007 – defence secretary Des Brown said that figures were revised after the MoD discovered "anomalies in the reporting process".
The information was revealed after Liberal Democrat MP Sarah Teather tabled questions in parliament.
The exact figures for 2004 to 2008 are:
658 lost laptops, 32 of these were recovered.
121 lost USB sticks, including 26 this year, three of which contained information classified as "secret" and 19 with information classified as " restricted".
A recent report into the loss of a MoD laptop containing the details of 600,000 potential applicants to the forces found that the department is not treating information as a key business asset.
"Information risk is not being formally managed at executive boards across the Department, with a small number of exceptions," says the Burton Review.
658 lost laptops over the last four years equates to a sustained and significant lapse in security. It is right that the MoD is putting in place a preventative plan. Presence of sensitive data on portable devices will never be eliminated, so the development of preventative methods is critical. Considerations include:
· Limiting the distribution of sensitive data across the organisation, particularly to portable, loosely managed devices - this will better manage risk by reducing the likelihood of a loss (i.e. fewer laptops have less sensitive data on them) while at the same time limiting the need for expensive end-point security measures
· Protecting data where it lives in organisational databases (as opposed to portable devices where data resides in pieces and for moments in time) - such measures provide prudent protection against targeted attacks (organised bad guys target data where it lives en masse) and also against incidental loss (like lost devices)
· Insider threat - The moment a well meaning employee attempts to download data they shouldn't have under any circumstance, or in bulk, or during off hours, etc. the activity is flagged accordingly. As a result, it never winds up on the portable device to begin with. Or, if it needs to be there, it's in reduced quantity at reduced risk since IT management will be alerted and can ensure the appropriate end-point protections.
Posted by: George Fyffe Director Application Security Inc. - EMEA 21 Jul 2008
Have your say on this article
Newsletters
Latest stories from Public Sector
You may also like
Public Sector jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
