Thank you for taking the time to respond. This policy has been agreed upon by %our company%'s executive team and mandated by the IS department in an effort to:
· Conform to our security auditor’s requests
· Protect %our company%'s data
It only takes a few minutes for a casual person or a child to delete %our company% data if the device is left unlocked – even if person’s intentions are not malicious. So, a password will in fact prevent most people from trying to get data from the device. And while it is true that we have not implemented the complex password restriction, it is available to us – of course, this is not to say that the IS department will not implement such a restriction in the future. Please note that you as a BlackBerry user are not limited to a 4-digit password, or that there is a ‘standard password’ that people are using – everyone has chosen their own password.
%our company% is comfortable with the (triple-DES encryption) memory scrubbing technique that is part of our BES deployment. As such, appropriate safeguards are (and have been) in place to protect %our company% data at the device and server level, including the denial of service vulnerability as you mentioned.
No electronic system is 100% safe or foolproof, but it can be made substantially safer if we all maintain an effort to secure %our company%'s proprietary assets and information.
If you have any further comments or questions regarding this policy, please refer them to my manager, %my manager%.
I didn't want to get into a techie battle with him, but wanted to go over the fact that this is not his choice, and it will in fact help us protect our data, since 99% of thefts are usually people concerned with the device, and have no care for the data.
What do you think?