Great question and one that I can appreciate! There are many opinions on the risk prioritization and analysis debate, but I tend to side with the technology that will address the higher probability risk in the easiest manner. My choice would be full-disk encryption for all laptops across the organization.
My reasons for this are rather broad, but, in my experience with full disk encryption, it is a fairly robust and mature technology. Also, it is moderately transparent to the user, which means that there are few buttons or options the user needs to remember when running the machine. For comparison, my experience with data loss prevention (DLP) technologies is that they are more useful for protecting sensitive data in enterprise-wide email and other outgoing electronic messaging, but that would not necessarily address the laptop security problem.
In April 2009, Ponemon Institute issued a report called "Business Risk of a Lost Laptop." The report included the results from a Web survey of 3,100 information technology practitioners around the world, including the U.S., U.K., Germany and Brazil.
The report asked those surveyed at what locations employees commonly lose their laptops. The list, in general order from highest to lowest, was:
- Rental car
- Conference or event
- Home location
- Train or subway
- Customer office
This list strikes me as interesting, because you probably have executives with their laptops at one or all of these locations during the week (and weekend). Hence, the risk of losing a laptop seems pretty high, which means full disk encryption may be the easier and quicker solution to a real, impending risk.