Wow! Scary! Which medical facilities should I be avoiding? :) Frankly this sounds like a recipie for disaster. (IMO) Your company/organization should start by creating generalized (non-OS or application specific) policies that dictate how computers and information will be used and handled. Then you will need to create standards and evaluate solutions that comply. The policy creation process should involve many groups within your company. It sounds like you deperately need a security professional who has created security policies and standards before. You are *storing* confidential medical records on Hotmails computers. Their employees now have access to that info. Are they liable? No your company is. Home PC's that are used by kids, kids friends, babysitters, etc. are not a safe place for this information even if encryption is *supposed* to be used. What about wireless LAN's? Your local neighborhood hacker could be using your lan and internet connection so he doesn't have to pay for his own. I don't envy you :( Scott -- Scott Elam Sun Microsystems SunIT, Network Security Group, SunCERT
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:05 PDT