I occurs to me that the individuals on the news channels and those in our government asking questions about the large data breach at OPM are asking the wrong questions.
One of the news channels was interviewing a guy who’s data had been stolen. He hadn’t worked for the federal government since 1992. What was obtained was his initial resume and the paperwork associated with hiring him along with security background check documents and subsequent work evaluations.
Since the data about this person hadn’t been relevant well over ten years that data should have been recognized as not vital to the current needs of the government and been put in an ‘At Rest’.
“Data At Rest” is a term that is sometimes used to refer to all data in computer storage while excluding data that is traversing a network or temporarily residing in computer memory to be read or updated. [REF: http://searchstorage.techtarget.com/definition/data-at-rest ]
With the reported amount of data that was taken we need to ask two things:
- How much of the data taken was actively being used for day-to-day operations of OPM (Office of Personnel Management).
- Of the data that was not being used to meet the immediate (or imitate) needs of OPM why was it still available on an accessible network?
The long-and-the-short of it is the information that was taken should not have been that readily available in the first place.
Encryption “would not have helped” at OPM, says DHS official | Ars Technica
No comments:
Post a Comment