On Friday 16 November 2007 11:41:09 Leo Mauler wrote:
So what you are saying is that they think that a network is more easily compromised than a physical security "sneakernet"? Seems it *is* a security back door they're concerned about.
They can see a safe. They understand what a safe represents. The fact that the whole safe might be removable might completely escape them, or they may take measures to prevent this as well.
Its not a bad plan, provided you spend the money keeping the employees locked in the office with both the hard drive safe and the workstations while both are in use.
The employees are expected to follow the rules. The reasoning is that while they have custody of the data, it is their responsibility to protect it properly. It's when the data is no longer the focus of attention that the need to lock it in the safe comes into play. Employees have been the weak link in the system before, but the objective is to make sure the rest of the system does not contain the weak link.
Clearly the system isn't flawless, but there it is.