Dave Howorth wrote:
On Sun, 30 Apr 2023 09:25:54 +0200 Per Jessen <per@opensuse.org> wrote:
I have probably spent enough time in R&D environments to know it can be done differently. I once spent two-three months at a lab outside Winchester. The first day I was put through the security training - strict clean desk policy, black and white bins (one was for daily shredding), secure lockers and drawers.
I think it is much more about awareness and security culture.
I think that's much more about the kind of environment. No way would those policies wash in the places I have worked. The most draconian thing they did was post a list of all URLs everybody requested in a public place, to prevent porn being watched.
The environment certainly has a major impact, I agree - but a lot of things are not dependent on the environment. The NZZ was hit by a ransom attack some weeks back - their tears are as real as those in the IT consultancy or the babyfood factory or the local Gemeinde.
However, some environments are certainly better at fostering security, usually because the business side is acutely aware of the potential impact. Typically found in banks and such, where regulations also play a heavy role.
Draconian - I guess removing floppy drives and sealing USB ports was pretty draconian :-) Forced password change every month too, but you got used to it.
When I worked in Germany in the 90s, the datacentre was surrounded by dual 4 meter tall fences, patrolled 24/7 by guards with dogs. Many years ago in Denmark, last level access to a bank datacentre involved a weight check. The PIN code to the first door came in two variations - normal and "under duress".
--
Per Jessen, Zürich (16.8°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes