(ISC)² Links

(ISC)² Twitter Updates

  • (ISC)² Twitter Updates

    CATEGORIES

    Archives

    More...

    About the
    (ISC)² Blog

    • (ISC)² believes in the importance of open dialogue and collaboration, between both (ISC)², its certified members and members of business and society.

      (ISC)² established this blog to provide a voice to its certified members, who have significant knowledge and valuable insights to share that can benefit the information security industry, the people in it and the public at large.

      The postings on this site are the author's own and don't necessarily represent
      (ISC)²'s positions, strategies or opinions. (ISC)² does not control, monitor, or endorse any links provided in this blog and makes no warranty or statement regarding the content on any linked website.

      Those who post comments to blogs should ensure their comments are focused on the topic at hand. (ISC)² reserves the right to remove any post or comment from this site.

      Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org.

      Please click here for FAQs.

      Please click here for the Blog guidelines.

    « Some Background Notes on the Consensus Audit Guidelines (CAG) | Main | Weekly Summary of the "DHS Daily Open Source Infrastructure Report" »

    08 July 2009

    Primary Lessons Learned from the TSA Laptop Mess (Part 2)

    A couple of weeks ago, I read about the demise of the Verified Identity Pass, Inc.'s Fly Clear program.   This was a program working with TSA on the Registered Traveler service.  Back in August 2008, I wrote how VIP and TSA had no accountability for losing a laptop with personal information of over 33,000 applicants.  There is an additional lesson to be learned on top those from of my original article.  If the public can't trust you with their personal information, they are not going to buy your product or service in the long run.  That's why you need security and accountability when handling personal information.  I am just glad that I didn't give in to the temptation of using their service.  I have yet to hear about what is going to happen with the information of all applicants now that the company has gone away?  Will it be sold?  Will it be given to TSA for safekeeping?  Will it be destroyed and the applicants notified? 

    Posted by on 08 July 2009 at 03:49 PM in Confidentiality, Current Affairs, Dittmer, Ethics, IT Security, Privacy |

    TrackBack

    TrackBack URL for this entry:
    http://www.typepad.com/services/trackback/6a00e54f109b678834011571dc9882970b

    Listed below are links to weblogs that reference Primary Lessons Learned from the TSA Laptop Mess (Part 2) :

    Comments

    It would be a fair guess that some of that information has already been "brokered" in some way. As far the TSA being the safekeeper of this, their track record indicates that this information will find it's way in other databases if it hasn't already. Even the TSA's best effort to protect this sort of thing would be beyond their capabilities.

    Wasn't there something being discussed for travelers that have security clearances here in the US? The thinking was that if they are "cleared" then they not a threat or something along those lines.

    Posted by: Len | 09 July 2009 at 10:51 AM

    Len:

    I had proposed the concept for a reduced rate for those with security clearances. However, I think that there's really no traction for the idea now, especially since VIP is now out of business and no one is really doing the Registered Traveller service at this point. However, for $29 a pop, you can go through the speed line for many of the airlines. I did it with my family on a United flight from LAX back in May and I didn't have to provide any extra information.

    Posted by: John Dittmer | 09 July 2009 at 11:06 AM

    The comments to this entry are closed.

    Enter your email address:

    Delivered by FeedBurner

    Recent Contributors

    Past Contributors