Do you know that most printers retain the data being copied on a hard drive?
Should a CIO care about this? Possibly not if it is a workgroup printer sitting outside sales or marketing, but what if it is outside legal? Or Human Resources?
It may be time for a bit of printer housekeeping...
Can printers be used as a relay point? Or a hot spot? Can they take part in a botnet?
In this podcast I interviewed a specialist on printer security, Kelley Dempsey, who is a Senior Information Security Specialist in the Information Technology Laboratory/Computer Security Division at the National Institute of Standards and Technology. She recently co-authored a paper called Risk Management for Replication Devices.
We discussed:
- The genesis of the paper
- Printers
- Risks of Embedded Windows 2000 and Embedded XP on printers
- Managing printer service contracts
- Network takedown risk with DDoS
- Patching risk
- Monitoring risks
- Capabilities of printers, such as ‘overwriting’
- Encryption
- Segmentation
- What non-volatile storage is
- Port management
- Non-volatile storage – confidentiality
- Risk management – this is not a one-size-fits-all approach. How do you balance your response?
- The Service Contract/Lease Agreements section is a good reminder from the operations perspective
The key takeaways for your teams are:
- A link to Kelley’s paper 8023-IR (sections 3.1 and 3.2 are most useful)
- Appendix B in particular is important because it has a very useful risk assessment for your team to use.
As mentioned above, replication devices are not all created equal: they differ technically, in how the business uses them, and in their functional purpose.
I hope you enjoy the podcast.