WikiLeaks Triggers IT Security Angst

WikiLeaks' posting of classified U.S. Department of State cables, and the Web site's revelation that it will soon post sensitive internal documents from a major U.S. bank , has stoked data security concerns among governments and corporations around the world.

A suspect in the leak is a low-level U.S. Army intelligence analyst who allegedly siphoned data from classified networks onto a USB flash drive and rewritable CDs.

Such gaps in information security could easily happen in the private sector as well, said Doug Powell, manager of smart grid security at BC Hydro in Vancouver.

Sensitive information requires access controls, classification levels and effective monitoring. For example, classified data should have "tags" to prevent it from moving outside of a protected domain without scrutiny or permissions, Powell said.

But a Gartner Inc. bulletin said that leaks of confidential information -- either by insiders or hackers -- are "almost inevitable," so organizations should expect that any memo they create could be disclosed.

Gartner urged IT professionals to "use this WikiLeaks event as an opportunity to war-game with your business colleagues the impact [of] similar leaks from your own enterprise."

Gartner advised its clients that if information to be discussed in a meeting is so important that its disclosure would prove crippling, they should "prevent any recording of it, including minutes typed on a computer."

(itnews.com)