Bulletin: Lois Lerner’s Email has been lost!


As an IT expert I have to say, “REALLY!”  “How stupid do you think the American people are?”  I realize that is a rhetorical question because obviously there are either some awfully stupid people or awfully gullible people or even awfully greedy people who vote; but this is over the top!

 

There are federal laws that govern how e-mail is to be stored, and for federal agencies it is not on the desktop.

 

As a disaster recovery expert, again: “Do you really expect us to believe that the IRS does not store files in a redundant fashion, using RAID, a SAN or the cloud…”

 

Let’s examine the issues here.

 

Firstly, as a publicly traded company (which the IRS is not, but they are aware of the standards 😉) you are required to keep all e-mails under SOX.  For that purpose you would use something called e-mail journaling, which keeps a copy of the e-mail in a separate area that cannot be deleted.  One would think that a federal agency would at least be required to do that.

 

Secondly, there is FISMA (the Federal Information Security Management Act of 2002).  According to FISMA, the term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability.  This is the FREAKING IRS; do they really expect us to swallow that her e-mails were only stored on her local computer?

 

Thirdly, there are multiple types of redundant technology available, and I would have to guess that the IRS takes advantage of either NAS, a SAN or the cloud and, of course, tape backup, just in case.  NAS (network attached storage) or SAN (storage area network) allow data from the “email store” to be stored on multiple drives in something known as a RAID configuration, meaning that if a drive fails, the data is stored on multiple different drives so there is no data loss.  With VMware they can have multiple servers with multiple copies of the data, so the e-mail system is incredibly robust.  They have access to all the money in the world; do they really expect us to believe that all of her e-mail was on a laptop?

 

There is also FIPS 200, which is part of FISMA…  FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems) is a United States Federal Government standard that establishes security categories of information systems used by the Federal Government, one component of risk assessment. FIPS 199 and FIPS 200 are mandatory security standards as required by FISMA.

FIPS 199 requires Federal agencies to assess their information systems in each of the categories of confidentiality, integrity and availability, rating each system as low, moderate or high impact in each category. The most severe rating from any category becomes the information system’s overall security categorization.

 

 

Just for grins and giggles, let’s assume that the IRS is really that deficient in IT talent.  There is forensic software out there that can get e-mails and other data off of purposefully deleted drives or crashed drives.  Oftentimes, data that has been removed by formatting the drive can be recovered.  If the NSA wanted it, they could get it!

My final thought on this: the IRS is supposed to manage Universal Healthcare.  All of your personal information will be out there at their disposal; umpteen millions of us will be out there.  Is she going to keep it on her laptop?

This “excuse” is an affront to anyone with a brain; much less anyone with any IT knowledge.

 

-Best

 

 

 

 
