Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Information Security

Information security can mean protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. This goes beyond just computers and networks. Risks and threats can come from individuals, acts of nature, and new technology.

This topic affects everyone in the federal workforce - top to bottom. Thus, it is also the responsibility of everyone in the federal workforce to protect the information from threats.

Share your experience with securing information.

Options
Go to last post Go to first unread
jhs93  
#1 Posted : Tuesday, October 6, 2015 8:57:10 AM(UTC)
jhs93

Rank: Newbie

Groups: Registered
Joined: 10/6/2015(UTC)
Posts: 2

Thanks: 1 times
Hello. Not sure if anyone has insights as to how security folks deal with classified docs popping up on the internet. I'm an consultant with a small company, and I was working on a company brochure from home recently on my personal computer. In doing some internet searches, I opened up a classified document just posted there online. I didn't download it and immediately called my boss and company security rep to notify them. They reported the incident to DSS, who called me and I provided them the URL or the incident report they had to write up. After, nothing further heard.

Details. Was working on a company paper (not associated or working on any contract) from my personal computer. Didn't download the document and didn't read it. I'm not currently indoc'd (waiting to get an appt for indoc to TOP SECRET), but was indoc'd for another job about two months ago and have an up-to-date clearance (though, obviously, no access right this second). I provided all these details to DSS.

I'm familiar w/ the Wikileaks issues and remember previous guidance on how to manage an incident like that. But this was not that website and it was inadvertent access from a personal computer for work w/ no govt affiliation and no remote access to govt IT. How do they resolve this (its got to be a likely compromise since anyone could find it on the internet). Curious if anyone's seen this scenario before b/c I haven't. Seems like there is no way to force a website to remove the document.
hustonj  
#2 Posted : Tuesday, October 6, 2015 9:34:01 AM(UTC)
hustonj

Rank: Senior Member

Groups: Registered
Joined: 5/17/2011(UTC)
Posts: 2,270

Thanks: 8 times
Was thanked: 322 time(s) in 259 post(s)
Rule 1 - if you opened up the document, you downloaded it.

It may have downloaded into the cache space on your hard drive, but everything you see on your screen while on the internet gets written to your hard drive.
thanks 1 user thanked hustonj for this useful post.
jhs93 on 10/6/2015(UTC)
GWPDA  
#3 Posted : Tuesday, October 6, 2015 9:43:39 AM(UTC)
GWPDA

Rank: Senior Member

Groups: Registered
Joined: 2/26/2011(UTC)
Posts: 2,697

Thanks: 281 times
Was thanked: 579 time(s) in 475 post(s)
The amount of sensitive material that ends up on the open net is astounding. I just can't decide whether it's extreme carelessness or utter ignorance. I've seen internal military assessments turn up as a result of a Google search - why? Are people really that clueless? In any case, it's hardly your fault for seeing something that's posted openly. And who knows - it could easily be de-classified.

Of course, classification and de-classification protocols are now utterly unconstrained. I wonder if that 1918 German Order of Battle that I was consulted about has ever been de-classified....
thanks 1 user thanked GWPDA for this useful post.
Draconian on 10/14/2015(UTC)
jhs93  
#4 Posted : Tuesday, October 6, 2015 11:20:06 AM(UTC)
jhs93

Rank: Newbie

Groups: Registered
Joined: 10/6/2015(UTC)
Posts: 2

Thanks: 1 times
Yeah, I'm aware of the temp file/cache issue. I suppose I could have it secure deleted if I don't to carry around any data remnants with me. I'm more curious how security can mitigate these sort of problems. I know if its on a govt IS or contract IS w/ access to govt networks, they can quarantine the box and sanitize. But with more and more of this stuff ending up out there, what mitigation/sanitize options do they have when its average Joe who stumbles onto it on his computer (if they'd even think to report it, I suppose.) Almost seems like the best they can do is document the URL and report. So with the internet and the amount of stuff being leaked, etc, we've lost control.
Rss Feed  Atom Feed
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.


This page was generated in 0.156 seconds.