Keeping your ICT systems secure - this means securing yourself against disasters and accidents as well as malice
Memory stick security
Date: Tuesday, 18-Aug-2009, 12:37:07
Memory sticks are so convenient that sometimes we forget that their use comes with huge security implications. Have you lost data on memory sticks or other portable devices? How did it affect your organisation? Or do you have more advice for users?
Ian Runeckles, Lasa
Ian Runeckles, Lasa
Re: Memory stick security
Date: Friday, 21-Aug-2009, 17:27:31
Hi Ian
Good timing!
The ICT Champions are working on a range of policy template documents one of which is around use of Memory Sticks. I will post a link to it and add it here when its ready.
Thanks
Paul Webster
Paul Webster
Regional ICT Champions Support
NAVCA
The Tower, 2 Furnival Square
Sheffield
S1 4QL
ICT Resources for the Voluntary and Community Sector
Good timing!
The ICT Champions are working on a range of policy template documents one of which is around use of Memory Sticks. I will post a link to it and add it here when its ready.
Thanks
Paul Webster
Paul Webster
Regional ICT Champions Support
NAVCA
The Tower, 2 Furnival Square
Sheffield
S1 4QL
ICT Resources for the Voluntary and Community Sector
Re: Memory stick security
Date: Saturday, 22-Aug-2009, 09:28:57
Paul,
That sounds excellent, thanks. Also, Lasa is currently in the final stages of putting together an ICT security guide - will be announced in the Bulletin when it's ready and available from the Lasa website.
Ian
That sounds excellent, thanks. Also, Lasa is currently in the final stages of putting together an ICT security guide - will be announced in the Bulletin when it's ready and available from the Lasa website.
Ian
Re: Memory stick security
Posted by: JamesL (User rank: 
Newbie. IP Logged)
Newbie. IP Logged)Date: Wednesday, 21-Jul-2010, 17:12:25
Paul
Did you manage to complete your policy document. We've recently carried out an internal review of our stick usage and found the following uses:
1. Transfer of data between two work PCs
2. Transfer of data between work and home computer
3. Backup
4. PowerPoint presentations taken to third party company
The first three can be solved by a policy defining alternative methods and we'll then enforce the policy by locking down our USB ports with appropriate hardware or software solutions. The last one is really hard to solve 'cos a lot of third party companies use laptops which aren't connected to the web or network because the company doesn't want a laptop which has loads of virus infected memory sticks stuck in it connected to their corporate network, so we can't use download sites or FTP to get the PPT from our network to their laptop.
The overall problem with the data security part of the USB stick issue is that if we prevent the users stealing the data using sticks there are plenty of alternatives, the principle being the trusty DVD burner.
Anyone got suggestions on sticks and the other issues raised by stick usage?
Did you manage to complete your policy document. We've recently carried out an internal review of our stick usage and found the following uses:
1. Transfer of data between two work PCs
2. Transfer of data between work and home computer
3. Backup
4. PowerPoint presentations taken to third party company
The first three can be solved by a policy defining alternative methods and we'll then enforce the policy by locking down our USB ports with appropriate hardware or software solutions. The last one is really hard to solve 'cos a lot of third party companies use laptops which aren't connected to the web or network because the company doesn't want a laptop which has loads of virus infected memory sticks stuck in it connected to their corporate network, so we can't use download sites or FTP to get the PPT from our network to their laptop.
The overall problem with the data security part of the USB stick issue is that if we prevent the users stealing the data using sticks there are plenty of alternatives, the principle being the trusty DVD burner.
Anyone got suggestions on sticks and the other issues raised by stick usage?
Re: Memory stick security
Date: Thursday, 22-Jul-2010, 09:32:08
James
I think you are right that usb sticks are not the only concerns and as you say there are plenty of alternatives.
As mentioned previously Lasa has produced a free ICT security guide. Aimed at voluntary sector staff with responsibility for managing and securing ICT systems, the Security Guide - http://www.lasa.org.uk/uploads/publications/ictpublications/computanews_guides/security_guide.pdf (2MB PDF) is a valuable tool.
Thanks
Ian
I think you are right that usb sticks are not the only concerns and as you say there are plenty of alternatives.
As mentioned previously Lasa has produced a free ICT security guide. Aimed at voluntary sector staff with responsibility for managing and securing ICT systems, the Security Guide - http://www.lasa.org.uk/uploads/publications/ictpublications/computanews_guides/security_guide.pdf (2MB PDF) is a valuable tool.
Thanks
Ian
Sorry, only registered users may post in this forum.