Question

Flag "Preventing the unauthorized disclosure and loss of data has become almost impossible. Employees and others can use iPods, flash drives, cameras, and PDAs such as iPhones to download data and remove it from an organization's premises." Do you agree or disagree with the statement above? Please provide support for your position. What controls from the chapter could be applied to reduce the risk of data disclosure and risk from these devices (please pick 3)? How would the controls you choose reduce the risk?

Answer 1

These devices can certainly be used to circumvent physical access controls and logical access controls, such as physically restricting access to a computer facility,library controls, and access control software with identification and authenticationtechniques. However, some controls that might be used to reduce the risks of disclosure and loss include the following:

Implement portable device policies and education programs foremployees.

Encrypt flash drives to protect data in the event that the device is lost.

Dismiss employees violating portable device policies.

Some organizations have gone to the extreme of limiting their network’scapability to write to portable storage devices.

These Controls must solve the problem and reduces the risk in the way such that employees will think firstly if they know that they have been caught and fired and also these controls will definitely dont let them remove data.