Do you know that most printers retain data that is being copied onto a hard drive?
Should a CIO care about this? Well, possibly not if the printer is outside sales or marketing as a workgroup printer, but what if it is outside legal? Or Human Resources?
It may be time for a bit of printer house keeping……
Can printers be used as a relay? Or a hot spot? Relay points? Can they contribute in a botnet?
In this podcast I interviewed a specialist on printer security, Kelley Dempsey, who is a Senior Information Security Specialist Information Technology Laboratory/Computer Security Division with National Institute of Standards and Technology. She just recently co-authored a paper called Risk Management for Replication Devices.
- The Genesis of the paper
- Risks of Embedded Windows 2000 and Embedded XP on printers
- Managing printer service contracts
- Network takedown risk with DDOS
- Patching risk
- Monitoring risks
- Capabilities of printers like ‘overwriting’
- What is non volatile storage
- Port management
- Non-volatile storage – confidentiality
- Risk Management – this is not a one size fits all approach. How do you balance your response.
- Service Contract/ Lease Agreements section is a good reminder piece from the operations perspective
The key takeaways for your teams are:
- A link to Kelley’s paper 8023-IR (sections 3.1 and 3.2 are most useful)
- Appendix B in particular is important because it has a very useful risk assessment for your team to use.
All replication devices as mentioned above are not created equally technically or their use in the business or their functional purpose.
I hope you enjoy the podcast.
Love this episode? Leave a Review
If you haven’t already, please make sure you leave us a review on iTunes.
About Bill Murphy
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT business leader.
Connect With Us On Social Media
Join The CIO Innovation Mastermind Community
We invite the top 20% of Business IT Leaders for my CIO Innovation Mastermind Events group to participate in monthly discussions on things like VR, AI, and other disruptive & emerging technologies. If you want to become a member, email Chief of Staff, Jamie Luber Jluber@redzonetech.net for more information.