In-Reply-To: <e5dda3b405030315553767bfcc@mail.gmail.com>
For me the issue resovles around Risk Management:
1) Reduces the number of infection vectors. If the masses do not require
access to it then it shouldn't be enabled.
2) If they email it or print it, I will have a record. Not foolproof, but at
least I have evidence for audit purposes. Granted, I probably will not even
know if the individual is scrupulous enough to perform their actions under the
radar.
3) It's about keeping control of your data. If my company has sensitive data,
I want to maintain control of it as best I know how. From the corporate
espionage viewpoint, I would rather that an individual have to use some
archaic, low-capacity storage mechanism that will require more time / effort to
"liberate information" than use a device that is easy to conceal and has a
large storage capacity.
In my current work environment #1 is the biggest reason.
Ron
IS Security Administrator
While I'm on the subject. . . why all the FUD regarding USB drives?
We have a policy at my current job that prevents the use of USB
drives. This was a policy implemented around the same time that we
deployed new clients to our users. . . clients that came with CD
burners and floppy drives. . . which aren't disabled ....
But. I would be appreciative if anyone could point me towards a good
reason for disabling USB drives, so that I can start defending this
policy with some form of conviction.
Or am I correct in my belief that this emperor is buck naked?
Now - if you'll excuse me - I have a DVD burner to install for a user.
Allan Seyberth
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
