Previously on "And about bloody time too."

  • Board Game Geek
    replied
    security breeches
    I think you will find that these are more "security breeches".

    I take it you mean "breaches" ?

  • ratewhore
    replied
    Originally posted by Moose423956
    Do you work there?
    I don't need to work there. This is what I do for a living and I've worked in enough places, both public and private sector, to know there are next to none of them that adhere to the rules rigidly.

    Yes there are plenty of rules, unfortunately, as DaveB has already pointed out, they're not followed. And the fact remains that PA did not adhere to them either...

  • Unicorn
    replied
    Stick Audits

    Originally posted by DaveB
    AIUI The data was provided to PA by the Home Office on the data stick. This was apparently in line with the contract on the basis that PA would then look after it properly. Presumably the HO then asked for it back, at which point someone shat themselves.

    Quote from article
    Our investigation has demonstrated that while the information was transmitted in an appropriately secure way to PA Consulting and fed to a secure site, it was subsequently downloaded on to an insecure data stick and that data stick was then lost.

    Not the same stick so presumably there must be some audit somewhere to show the data was downloaded onto the unauthorised stick.

  • Moose423956
    replied
    Originally posted by ratewhore
    erm, bollocks!! Sorry, but it is...
    Do you work there?

  • ratewhore
    replied
    Originally posted by Moose423956
    That was my friend's point, the controls over sensitive data are very strict, and they are adhered to rigidly.
    erm, bollocks!! Sorry, but it is...

  • DaveB
    replied
    Originally posted by HairyArsedBloke
    I am not a user of these stick thingys, so sorry if this is a silly question.

    But ....

    How do they know that this copy existed in the first place apart from someone saying "I copied so-and-so to a stick and now I can't find it"?

    What is to stop someone creating a new copy and then saying "it's all right, I've found it now"?
    AIUI The data was provided to PA by the Home Office on the data stick. This was apparently in line with the contract on the basis that PA would then look after it properly. Presumably the HO then asked for it back, at which point someone shat themselves.

  • HairyArsedBloke
    replied
    I am not a user of these stick thingys, so sorry if this is a silly question.

    But ....

    How do they know that this copy existed in the first place apart from someone saying "I copied so-and-so to a stick and now I can't find it"?

    What is to stop someone creating a new copy and then saying "it's all right, I've found it now"?

  • DaveB
    replied
    Originally posted by Moose423956
    That was my friend's point, the controls over sensitive data are very strict, and they are adhered to rigidly.
    I'd still apply Hanlon's Razor.

    Never attribute to malice, that which can be adequately explained by stupidity.

  • Moose423956
    replied
    Originally posted by DaveB
    It's not difficult at all. From the article the USB stick was left in an unlocked drawer in an unsecured office. Chances are it was pilfered by an opportunist.

    If this is correct it points to either a complete lack of control over sensitive information, a blatant disregard for any controls that do exist or a catastrophic failure to implement those controls correctly.
    That was my friend's point, the controls over sensitive data are very strict, and they are adhered to rigidly.

  • DaveB
    replied
    Originally posted by Moose423956
    I was talking to a friend of mine who used to work for PA, and he said it would be incredibly difficult to lose data in this way unless someone wanted to do it deliberately.

    And thinking of the other instances, it appears to be either unbelievable carelessness and stupidity, or maybe done deliberately to cause embarrassment to said organisation and the government in particular.

    So, could it be a conspiracy?
    It's not difficult at all. From the article the USB stick was left in an unlocked drawer in an unsecured office. Chances are it was pilfered by an opportunist.

    If this is correct it points to either a complete lack of control over sensitive information, a blatant disregard for any controls that do exist or a catastrophic failure to implement those controls correctly.

  • BrilloPad
    replied
    Originally posted by KathyWoolfe
    Who by?

    I think the only people who can sue are the people who are damaged, how do they prove that damage was caused?
    Hopefully there will be no damage caused. But there is potential. I appreciate as the law stands there is little hope of damages being awarded for potential loss. Some may consider the loss of contract damaging enough.

  • Moose423956
    replied
    I was talking to a friend of mine who used to work for PA, and he said it would be incredibly difficult to lose data in this way unless someone wanted to do it deliberately.

    And thinking of the other instances, it appears to be either unbelievable carelessness and stupidity, or maybe done deliberately to cause embarrassment to said organisation and the government in particular.

    So, could it be a conspiracy?

  • KathyWoolfe
    replied
    Originally posted by BrilloPad
    I hope they get sued for damages.
    Who by?

    I think the only people who can sue are the people who are damaged, how do they prove that damage was caused?

  • BrilloPad
    replied
    Originally posted by DaveB
    PA Consulting contract axed after data loss

    Hopefully people will start to realise that these kinds of security breeches have consequences and start to treat information security seriously.
    I hope they get sued for damages.

  • DaveB
    started a topic And about bloody time too.

    And about bloody time too.

    PA Consulting contract axed after data loss

    Hopefully people will start to realise that these kinds of security breeches have consequences and start to treat information security seriously.
