Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Information Security

Information security can mean protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. This goes beyond just computers and networks. Risks and threats can come from individuals, acts of nature, and new technology.

This topic affects everyone in the federal workforce - top to bottom. Thus, it is also the responsibility of everyone in the federal workforce to protect the information from threats.

Share your experience with securing information.

Options
Go to last post Go to first unread
Knight  
#1 Posted : Saturday, September 14, 2013 9:00:30 PM(UTC)

Rank: Senior Member

Groups: Registered
Joined: 1/2/2009(UTC)
Posts: 7,337
Man

Thanks: 242 times
Was thanked: 478 time(s) in 395 post(s)
That is the biggest problem and fear these days. The IT insider threat. We have the keys to the kingdom. We set the locks, we guard the doors. I have access to every piece of information in my unit. That is why I have a TS clearance. In theory that means I am very trustworthy, but so was Snowden.

Do we do like the nuclear folk and have a two person concept? I have heard that some places are now requiring 2 IT fork for jobs that involve the risk of data being removed. But then that doubles up manning and increases cost.

Some places are doing random bag checks on the way out. Looking for CD's, thumbdrives, paper. "Gee Mr Snowden, why do you have four laptops?"

I don't know the answers but I do agree there is the fear of another Snowden.
hustonj  
#2 Posted : Sunday, September 15, 2013 8:44:50 PM(UTC)
hustonj

Rank: Senior Member

Groups: Registered
Joined: 5/17/2011(UTC)
Posts: 2,270

Thanks: 8 times
Was thanked: 322 time(s) in 259 post(s)
waitingOutSequester wrote:
So how did the NSA screw up? What should they have been doing, but didn't to ensure their IT guys didn't have access to data outside their need to know?


Any time you have something locked down, you have someone who has the ability to go through all of those locks.

The way computer operating systems are designed, that guy is whomever has "root", "administrator", or "super-user" access. These permission levels are reserved for an IT guy because whomever has them can do AMAZING amounts of damage to a system by accident, and even more intentionally.

In my opinion, the big thing the NSA did wrong is actually a pretty big problem through both private industry and the government: They outsourced the holder of the keys to everything they do.

Paying, training, growing, etc. your own IT experts gets expensive. People look for a way to not have to deal with all that overhead and TIME investment, and they outsource. When the guy that you are paying to control access to all of your information is picked by somebody else (who has to pick someone in order to get their paycheck), and that guy may have as many as three other companies between him and you, any of which can fire him without notice, what loyalty is he likely to have to your organization and your organization's goals?

The big surprise about Snowden in my mind is how long it took for him to happen.

The sad thing is that in-sourcing is really only a minor mitigation of the inherent risk.

When you hire a locksmith, you trust that he won't take advantage of his specialty knowledge and the information he learns about you and yours for additional personnal gain. The same is true of your rank and file employees. People prefer to pretend that neither actually provides a threat.
TotallyRetired  
#3 Posted : Monday, September 16, 2013 12:13:13 AM(UTC)

Rank: Senior Member

Groups: Registered
Joined: 2/21/2013(UTC)
Posts: 1,577

Was thanked: 3 time(s) in 3 post(s)
Knight wrote:
...I have access to every piece of information in my unit. That is why I have a TS clearance. In theory that means I am very trustworthy, but so was Snowden.

Do we do like the nuclear folk and have a two person concept? I have heard that some places are now requiring 2 IT fork for jobs that involve the risk of data being removed. But then that doubles up manning and increases cost...


Knight,

It occurred to me that, as a supervisor, you are probably already doing some random checks. For example, when you monitor the e-mail of your staff, I am sure you are already opening up & taking a look at any large attachments.

--Not asking you to post your management inquiries here, just saying that I see you as a person who would take a few minutes here & there to monitor what is going on with your staff.
mudpie  
#4 Posted : Thursday, November 14, 2013 11:43:48 PM(UTC)

Rank: Senior Member

Groups: Registered
Joined: 7/3/2006(UTC)
Posts: 1,987

Was thanked: 98 time(s) in 90 post(s)
No one here or in the NSA for that matter knows what was or wasn't leaked; if any. Only Mr. Snowden does. I truly beleive the media and the NSA aka US Govt issues misstatements and misinformation to defer the finger pointing and the truth. The same game every government plays.
TwoUnderPar  
#5 Posted : Sunday, December 15, 2013 1:54:33 AM(UTC)

Rank: Senior Member

Groups: Registered
Joined: 10/25/2008(UTC)
Posts: 207

Was thanked: 1 time(s) in 1 post(s)
waitingOutSequester wrote:
So how did the NSA screw up?


I would approach the answer to your question from a different perspective. I would suggest that security might have been good (speculating) until such time as the NSA started to overreach it's authority and move into illegal/immoral activity.

For example: Tapping the personal cell phones of European leaders without cause or legal standing.

I would actually hope that government employees and contractors would have a strong moral and ethical obligation to take action against oppressive/fascist activities they find.

Please note that my comment neither endorses nor justifies the road that Snowden took, nor the method or extent to which he released information. I am merely stating that security systems that work well when agency activities are "sound", might fall apart when an agency moves to "the dark side" and overreaches its legal authority.
Martin Merrolli  
#6 Posted : Saturday, January 25, 2014 10:23:04 PM(UTC)
Merrolliman

Rank: Newbie

Groups: Registered
Joined: 1/4/2014(UTC)
Posts: 19



Spies, traitors, moles- it's human nature, and history. Come on, guys...it's going to happen. No security system will stop it or even contain it!

Background investigations are antiquated and a joke- just a bureaucratic shallow effort. Laws and punishment, ineffective. Government lapses, the norm. And politics........

No security system/restrictions, physical-technological, whatever- can't be beat.

Often government resources are way behind current 'state of the art' advances.

It's the same old factor- desire, motivation and determination, wins.

Guys, it's a bleak picture. Sorry.Merrolliman2014-01-26 06:35:25
lovejobsques2015  
#7 Posted : Sunday, June 21, 2015 2:29:29 PM(UTC)
lovejobsques2015

Rank: Senior Member

Groups: Registered
Joined: 1/3/2013(UTC)
Posts: 283

Thanks: 9 times
Was thanked: 30 time(s) in 27 post(s)
Originally Posted by: Knight Go to Quoted Post
That is the biggest problem and fear these days. The IT insider threat. We have the keys to the kingdom. We set the locks, we guard the doors. I have access to every piece of information in my unit. That is why I have a TS clearance. In theory that means I am very trustworthy, but so was Snowden.

Do we do like the nuclear folk and have a two person concept? I have heard that some places are now requiring 2 IT fork for jobs that involve the risk of data being removed. But then that doubles up manning and increases cost.

Some places are doing random bag checks on the way out. Looking for CD's, thumbdrives, paper. "Gee Mr Snowden, why do you have four laptops?"

I don't know the answers but I do agree there is the fear of another Snowden.


Snowden saw the inner workings of NSA i.e. corruption so he says and spying on innocent citizens and he did not like the corruption so he decided to spill the beans for justice because he thought NSA's supervisor are corrupted and he could not turn elsewhere. Otherwise there was nothing wrong with Snowden. More so it is the federal government's fault according to Snowden in that government should have integrity. According to him he asked only what government ask in SF86 to have integrity uncorruptibility. Because of his spills and now OPM hack the US citizens are losing confidence in federal government or government agencies or are most likely rethinking government employment. Since Snowden leaks and spills NSA is having real hard time filling positions in that applicants are not even considering to work at NSA agency which according to Snowden does not have integrity uncorruptibility. Spies spy whoever they want whenever they want without any reason.

Fear of another Snowden would most likely be reduced not by halting security clearance but by enforcing integrity incorruptibility in each and every supervisor, boss, HR, security officers and big boss in each and every agency. It has nothing to do with person but everything to do with government agencies and how they are operating based off of why Snowden did this.

So this means even if you do two person policy but inner working of agency is corrupted unchanged and agency people do not have integrity which is they do what they want are self centered do not follow rules then there will be another Snowden based off of why Snowden did this.

Edited by user Sunday, June 21, 2015 2:51:24 PM(UTC)  | Reason: Not specified

thanks 1 user thanked lovejobsques2015 for this useful post.
fedvet1980 on 6/21/2015(UTC)
lovejobsques2015  
#8 Posted : Sunday, June 21, 2015 2:35:35 PM(UTC)
lovejobsques2015

Rank: Senior Member

Groups: Registered
Joined: 1/3/2013(UTC)
Posts: 283

Thanks: 9 times
Was thanked: 30 time(s) in 27 post(s)
Originally Posted by: TotallyRetired Go to Quoted Post
Knight wrote:
...I have access to every piece of information in my unit. That is why I have a TS clearance. In theory that means I am very trustworthy, but so was Snowden.

Do we do like the nuclear folk and have a two person concept? I have heard that some places are now requiring 2 IT fork for jobs that involve the risk of data being removed. But then that doubles up manning and increases cost...


Knight,

It occurred to me that, as a supervisor, you are probably already doing some random checks. For example, when you monitor the e-mail of your staff, I am sure you are already opening up & taking a look at any large attachments.

--Not asking you to post your management inquiries here, just saying that I see you as a person who would take a few minutes here & there to monitor what is going on with your staff.


If you are supervisor and not security officer and are spying on your staff then this is violation of privacy. Supervisors are not hired to be spies or security officers. Leave it up to security officer and do your supervisor work.

Edited by user Sunday, June 21, 2015 2:39:58 PM(UTC)  | Reason: Not specified

thanks 1 user thanked lovejobsques2015 for this useful post.
fedvet1980 on 6/21/2015(UTC)
GWPDA  
#9 Posted : Sunday, June 21, 2015 3:03:20 PM(UTC)
GWPDA

Rank: Senior Member

Groups: Registered
Joined: 2/26/2011(UTC)
Posts: 2,696

Thanks: 281 times
Was thanked: 577 time(s) in 475 post(s)
"If you are supervisor and not security officer and are spying on your staff then this is violation of privacy. Supervisors are not hired to be spies or security officers. Leave it up to security officer and do your supervisor work. "

Please! Go away!
stana  
#10 Posted : Thursday, August 27, 2015 5:34:22 PM(UTC)

Rank: Senior Member

Groups: Registered
Joined: 12/15/2011(UTC)
Posts: 175

Originally Posted by: Knight Go to Quoted Post
That is the biggest problem and fear these days.


The biggest problem and fear these days would actually be government officials who blatantly violate and disregard the Constitution. Remember that old document that federal employees are sworn to protect?

Knight  
#11 Posted : Friday, August 28, 2015 6:58:36 AM(UTC)

Rank: Senior Member

Groups: Registered
Joined: 1/2/2009(UTC)
Posts: 7,337
Man

Thanks: 242 times
Was thanked: 478 time(s) in 395 post(s)
Ah yes, the beloved Constitution. Got a question for you. Since I have sworn to "...support and defend the Constitution of the United States against all enemies, foreign and domestic..." that means I will have to obey the lawful orders of the CINC in case of an attempt to over throw the Government.

So say some militia group rises up and declares that the current government is corrupt and needs changing and they will march on Washington with weapons in hand to force such a change.

Who determines that such an attempt is right or wrong? many people point to the Declaration of Independence for this comment; "...That whenever any form of Government becomes destructive of these ends, it is the Right of the People to alter or to aboli*****, and to institute new Government..."

While people are arguing over this, I am bombing the poop out of Wyoming.

hustonj  
#12 Posted : Friday, August 28, 2015 7:24:36 AM(UTC)
hustonj

Rank: Senior Member

Groups: Registered
Joined: 5/17/2011(UTC)
Posts: 2,270

Thanks: 8 times
Was thanked: 322 time(s) in 259 post(s)
<sigh>

"Support and defend the Constitution" is NOT the same as "defend the current administration". That's a false equivalency.

It is also the reason our military does not swear loyalty oaths to elected officials and that they swear to obey "the legal orders" of those appointed over them.
Knight  
#13 Posted : Friday, August 28, 2015 7:56:00 AM(UTC)

Rank: Senior Member

Groups: Registered
Joined: 1/2/2009(UTC)
Posts: 7,337
Man

Thanks: 242 times
Was thanked: 478 time(s) in 395 post(s)
I was in Colorado during the McVee Trial. There was creditable threat that the militia units in Wyoming (and other states) might rise up and "take back" the nation and overthrow the GOV.

That is why I used that example. We were prepared to defend the US from a "domestic enemy." I was prepared to drop bombs on Wyoming.

But who determines they are the enemy? The current administration, that is who. So we are effectively defending the current admin, whether we like it or not.



Rss Feed  Atom Feed
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.


This page was generated in 0.467 seconds.