Do you know that most printers retain data that is being copied onto a hard drive?
Should a CIO care about this? Well, possibly not if the printer is outside sales or marketing as a workgroup printer, but what if it is outside legal? Or Human Resources?
It may be time for a bit of printer house keeping……
Can printers be used as a relay? Or a hot spot? Relay points? Can they contribute in a botnet?
In this podcast I interviewed a specialist on printer security, Kelley Dempsey, who is a Senior Information Security Specialist Information Technology Laboratory/Computer Security Division with National Institute of Standards and Technology. She just recently co-authored a paper called Risk Management for Replication Devices.
- The Genesis of the paper
- Risks of Embedded Windows 2000 and Embedded XP on printers
- Managing printer service contracts
- Network takedown risk with DDOS
- Patching risk
- Monitoring risks
- Capabilities of printers like ‘overwriting’
- What is non volatile storage
- Port management
- Non-volatile storage – confidentiality
- Risk Management – this is not a one size fits all approach. How do you balance your response.
- Service Contract/ Lease Agreements section is a good reminder piece from the operations perspective
The key takeaways for your teams are:
- A link to Kelley’s paper 8023-IR (sections 3.1 and 3.2 are most useful)
- Appendix B in particular is important because it has a very useful risk assessment for your team to use.
All replication devices as mentioned above are not created equally technically or their use in the business or their functional purpose.
I hope you enjoy the podcast.
Love this episode? Leave a Review
Share it on your LinkedIn feed.
If you haven’t already, please make sure you leave us a review on iTunes.
About Bill Murphy
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT business leader.
Connect With Us On Social Media
Connect with Bill on LinkedIn.
Join The CIO Innovation Mastermind Community
We invite the top 20% of Business IT Leaders for my CIO Innovation Mastermind Events group to participate in monthly discussions on things like VR, AI, and other disruptive & emerging technologies. If you want to become a member, email Chief of Staff, Jamie Luber Jluber@redzonetech.net for more information.