"Ali, Saqib" writes:
-+------------------
 | security isn't what it used to be. It is all getting very
 | confusing. To protect information we now have to use:
 | 1) ERM/DRM solutions;
 | 2) Traditional encryption of data (FDE, EFS, encrypted vaults etc);
 | 3) Content Control system where you control the flow of the
 |    information (e.g. Vontu, Pointsec Data Protector etc)
 |
 | What is the right mix? What is overkill? What is abuse?
 |
 | Senate Bills such as SB1386 require "reasonable measures to prevent
 | un-intended data disclosures".
 |

<commercial_disclaimer>
In my view, The Answer is a Reference Monitor in the good
old Orange Book sense. As it happens, that is what we make
at Verdasys, a RefMon implemented as a data-surveillance
rootkit. It is not perfect, but it ends your need to buy
a separate product for every little threat, and it is
deployed at many tens of thousands of desktops. And Gartner
hates us so we must be doing something right.
</commercial_disclaimer>

As to SB1386, the actual genesis of that is via Deirdre
Mulligan (UC Berkeley) who suggested to California
Assemblyman Simitian that the model for loss of containment
control of data should be the laws and regulations for loss
of containment control for toxic substances.

In the meantime, the shape of things to come is found
here, or so I think...

http://www.fsa.gov.uk/pubs/final/nbs.pdf

--dan
