Security Policies Ignored at TSA

So your company has initiated several good computer security policies. You've got encryption, there's web and email filtering, firewalls, and more.

Are the users paying attention? Are they following the policies and procedures? Got any way to verify compliance? Anyone looking at the logs?

Ask the folks at TSA (those friendly folks that won't let you have more than 3 ounces of liquids on an airplane, but will put all of that dangerous liquids in a trash can a few steps away ... but that's another post).

Anyway, it seems that TSA has a policy to encrypt sensitive data on all hard drives on laptops and portable devices. And then they found that a hard drive was missing last May. The hard drive contained bank and payroll information for 100,000 employees.

Article here: http://www.star-telegram.com/464/story/170815.html

What's Your Compliance?