Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Security Budgets Growing to Approx. 20% of IT Spending | Main | Does PCI DSS Really Matter? »

CT Governor Has No Intention of Becoming A Data Breach Poster Child

It's good to read an article about an executive making security policies a topic of discussion. The state of Connecticut will be rapidly deploying SafeBoot (related post) encryption technology on state laptops. The governor also reiterated some key points on the state's mobile device security policy in a recent announcement. From Government Technology:

The tool will be deployed as soon as possible to agencies in accordance with Rell's directive and the new policy on security for mobile computing and storage devices, announced September 10, 2007. The tool is currently available through an existing federal contract, ensuring favorable pricing to the state.

"We are taking every step possible to safeguard sensitive state information," Rell said. "The best solution is to ensure that as little information as possible is removed from state offices. But on those occasions when we must take information on the road to perform state business, this encryption program will make sure that no unauthorized person will be able to access it or use it.

The governor is also putting an end sloppy security on Blackberries:

Governor Rell also announced additional protections today for state BlackBerry devices. On September 24, more than 700 state BlackBerry users received a notice that the use of passwords had become mandatory in order to access data on the handheld computing device.

In addition, they were also notified that all passwords would have set expiration dates and must be changed regularly. Information on the BlackBerry will be erased and the device deactivated after multiple unsuccessful log-in attempts.

"Not using a password poses an unacceptable risk," Governor Rell said. "These latest measures are part of safe and responsible use of the taxpayer-funded equipment and information with which we have been entrusted."

I also like to see the tacit understanding that security management is partly about risk management. Sounds like CT has a prudent and balanced policy.

Tags:            
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on October 10, 2007 12:43 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/472

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net