Information Security
Information security can mean protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. This goes beyond just computers and networks. Risks and threats can come from individuals, acts of nature, and new technology.
This topic affects everyone in the federal workforce - top to bottom. Thus, it is also the responsibility of everyone in the federal workforce to protect the information from threats.
Share your experience with securing information.
Rank: Newbie
Groups: Registered
Joined: 10/6/2015(UTC) Posts: 2
Thanks: 1 times
|
Hello. Not sure if anyone has insights as to how security folks deal with classified docs popping up on the internet. I'm an consultant with a small company, and I was working on a company brochure from home recently on my personal computer. In doing some internet searches, I opened up a classified document just posted there online. I didn't download it and immediately called my boss and company security rep to notify them. They reported the incident to DSS, who called me and I provided them the URL or the incident report they had to write up. After, nothing further heard.
Details. Was working on a company paper (not associated or working on any contract) from my personal computer. Didn't download the document and didn't read it. I'm not currently indoc'd (waiting to get an appt for indoc to TOP SECRET), but was indoc'd for another job about two months ago and have an up-to-date clearance (though, obviously, no access right this second). I provided all these details to DSS.
I'm familiar w/ the Wikileaks issues and remember previous guidance on how to manage an incident like that. But this was not that website and it was inadvertent access from a personal computer for work w/ no govt affiliation and no remote access to govt IT. How do they resolve this (its got to be a likely compromise since anyone could find it on the internet). Curious if anyone's seen this scenario before b/c I haven't. Seems like there is no way to force a website to remove the document.
|
|
|
|
Rank: Senior Member
Groups: Registered
Joined: 5/17/2011(UTC) Posts: 2,270
Thanks: 8 times Was thanked: 322 time(s) in 259 post(s)
|
Rule 1 - if you opened up the document, you downloaded it.
It may have downloaded into the cache space on your hard drive, but everything you see on your screen while on the internet gets written to your hard drive.
|
 1 user thanked hustonj for this useful post.
|
|
|
Rank: Senior Member
Groups: Registered
Joined: 2/26/2011(UTC) Posts: 2,789
Thanks: 292 times Was thanked: 605 time(s) in 495 post(s)
|
The amount of sensitive material that ends up on the open net is astounding. I just can't decide whether it's extreme carelessness or utter ignorance. I've seen internal military assessments turn up as a result of a Google search - why? Are people really that clueless? In any case, it's hardly your fault for seeing something that's posted openly. And who knows - it could easily be de-classified.
Of course, classification and de-classification protocols are now utterly unconstrained. I wonder if that 1918 German Order of Battle that I was consulted about has ever been de-classified....
|
 1 user thanked GWPDA for this useful post.
|
|
|
Rank: Newbie
Groups: Registered
Joined: 10/6/2015(UTC) Posts: 2
Thanks: 1 times
|
Yeah, I'm aware of the temp file/cache issue. I suppose I could have it secure deleted if I don't to carry around any data remnants with me. I'm more curious how security can mitigate these sort of problems. I know if its on a govt IS or contract IS w/ access to govt networks, they can quarantine the box and sanitize. But with more and more of this stuff ending up out there, what mitigation/sanitize options do they have when its average Joe who stumbles onto it on his computer (if they'd even think to report it, I suppose.) Almost seems like the best they can do is document the URL and report. So with the internet and the amount of stuff being leaked, etc, we've lost control.
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.