In my last article I spoke at some length about not just why a Security Policy is important, what its content should be, but also how it should be written. There is no default setting for Security Policy. Remember, what works for one organisation probably won’t work for another.
On Friday, Ian Simpson the Chief Executive of the Earthquake Commission (EQC) held a media conference and announced that a staff member had accidentally sent an email with an attachment containing a spreadsheet with the details of 9,700 Christchurch residents and their claims, to a recipient outside of the organisation.
Interesting article in the NY Times here
It discusses the loss of an unencrypted laptop by a NASA employee that contained the confidential details of 10,000 employees including names, birth dates, social security numbers and, in some cases, personal information from background checks.