via Swati Khandelwal – writing at The Hacker News – comes this news confection, detailing the apparent incompetence of the State of Oklahoma Department of Securities (ODS) protective security personnel in safeguarding critical investigatory data.
I can think of a couple of rules when storing investigative data ostensibly owned by sister agencies (other than ‘DO NOT DO IT’): Chain of Custody and Access Control…
“The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the Oklahoma Securities Commission and many sensitive FBI investigations—all wide open and accessible to anyone without any password.” – via Swati Khandelwal – writing at The Hacker News
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2019/1/21/oklahoma-state-government-exposes-federal-law-enforcement-data