Computer World in August reported that a growing number of IT and security managers are taking steps to control access to corporate information stored on portable storage devices that are used both with and without the approval of IT managers. At the U.S. Department of Veterans Affairs, for example, employees, contractors, and business partners are required to use encryption or other means to protect data stored on portable devices. In addition, the VA is in the process of acquiring encrypted thumb drives and applying encryption to other devices and storage media, says Bob Howard, CIO and assistant secretary for information and technology at the agency. Meanwhile, medical staffing firm Martin, Fletcher has deployed security software on the 150 PCs on its network in order to prevent data breaches via portable storage devices.
Despite this, few that 20% of organisations take any steps at all to manage this rapidly growing information security threat.
IT Security is covered in detail on Security Management Stage 1, 19-30 November 2007. In addition, a new two-day course entitled IT Security and Incident Response focuses on how to investigate suspected internal crimes using IT equipment. The course, led by IT expert, broadcaster and author, Ed Wilding, will be held over the period 9-10 October.