Laptop Lessons Learned?

After a spate of well-publicized thefts of government laptops earlier this year, Clay Johnson III, deputy director for management with the Office of Management and Budget, sent a memorandum to department heads urging them to take action to safeguard information properly. Johnson’s memo, which includes a security checklist created by the National Institute for Standards and Technology, recommended four actions: use encryption when carrying agency data; use two-factor authentication provided by a device that is separate from the computer (such as a USB token); ensure that users reauthenticate after 30 minutes of inactivity; and verify that all sensitive data is purged within 90 days if no longer required. “Most departments and agencies have these measures already in place,” Johnson says in the memo, though the many recent losses of unsecured laptops suggest that having the measures in place and actually ensuring that workers use them are two separate issues. Johnson says that his department will “work with the Inspectors General community to review these items as well as the checklist to ensure [that] we are properly safeguarding the information the American taxpayer has entrusted to us.”

clay_omb_technofile1006.pdf118.09 KB



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.