I just read this good article on steganography and started thinking about the potential uses and misuses of this technology.
So, do you have a need to hide information on mobile systems/devices to keep prying eyes away in the event of theft or loss? Sounds like a good application for it. Although given the current state of mobile security [mostly nada] I can’t imagine too many people would go this far to protect mobile devices when they haven’t even done the basics.
Think about the other side of the equation: rogue employees doing bad things. What an empowering way for users to walk out with sensitive files… Even if they get caught, they can rest assured that their misdeeds are likely to go unnoticed/undetected with current ediscovery tools.
Yet another good thing to think about for your incident response plan and your ediscovery efforts. Lawyers: are you listening?
Also, this is a good reason to NOT give users local admin rights on their workstations. If they can’t install the software, they can’t abuse the system. This may also be a good time to consider some Web-based content filtering to at least attempt to block people from browsing to these software download sites. It’s not foolproof, but you can at least say that you had reasonable controls in place.