Re: CRIME secure mail programs/internet

From: Scott Elam (Scott.Elam@private)
Date: Fri Nov 30 2001 - 10:16:32 PST

  • Next message: Scott Elam: "Re: CRIME secure mail programs/internet"

    Wow!  Scary!
    
    Which medical facilities should I be avoiding?  :)
    
    Frankly this sounds like a recipie for disaster.  (IMO) Your
    company/organization should start by creating generalized (non-OS or
    application specific) policies that dictate how computers and
    information will be used and handled.  Then you will need to create
    standards and evaluate solutions that comply.
    
    The policy creation process should involve many groups within your
    company.  It sounds like you deperately need a security professional
    who has created security policies and standards before.
    
    You are *storing* confidential medical records on Hotmails
    computers.  Their employees now have access to that info.  Are they
    liable?  No your company is.
    
    Home PC's that are used by kids, kids friends, babysitters, etc. are
    not a safe place for this information even if encryption is
    *supposed* to be used.  What about wireless LAN's?  Your local
    neighborhood hacker could be using your lan and internet connection
    so he doesn't have to pay for his own.
    
    I don't envy you :(
    
    Scott
    --
    Scott Elam
    Sun Microsystems
    SunIT, Network Security Group, SunCERT
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:05 PDT