I was teaching last week when the announcement was made that the laptop was recovered… and then when the announcement was made that the data “appeared” to be untouched.

Since we have been writing and speaking about personal responsiblity and the way situations are sometimes (mis)handled, I intended to write about the basic forenics process and explain how someone *could* have captured the data in a way that it appeared untouched.

Then I found this blog and posting – and realized this says what I was thinking, but better. Enjoy the read.

I never really expected that the data was truly untouched; something there just doesn’t jive for me. That said, I think it made sense to announce that the data was “probably untouched” to calm the masses so this becomes a non-story and then we can move on. I’m okay with that approach, provided that while the media moves on, the professionals continue their work and we collectively look for ways for security to improve.

I’ve also started to review some of the broader knee-jerk reactions taking place. I really hope that we start to take a more pragmatic approach to security. Sure, events like this help shine a bright light on some issues and may even free some budget. The downside is that has the ability to encourage others to consider this a “one-time” event that can be “fixed.”

We have our work cut out for us – but I know we’re up to the challenge.

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours - the best way for Security Leaders to connect with a group of peers each week for a needed shot of energy and actionable insights.