On Mon, 14 Jan 2008 12:12:35 -0500, Shmuel Metz (Seymour J.) <[EMAIL PROTECTED]> wrote:
>... >>I assume there are some shops with policies that forbid transfers across >>the web > >I doubt it; such a policy would accomplish nothing. I suspect that a lot >of shops have policies that restrict all unencrypted external transfers, >whether or not the web is involved. >... I know there is at least one. I was hoping to find some company. We allow transfers to/from MVS with a handfull of business partners that are essentially on our private network - inside our firewalls. No transfers of any kind (encrypted or not) is currently allowed between the mainframes and anything outside the firewalls. I'm trying to propose that it be allowed to a number of vendors if it is encrypted. Of course such a policy accomplishes nothing. It has to be circumvented for use to do our jobs (requiring a few extra hops and frustrating manual effort). What can be circumvented for dumps and traces can also be circumvented for critical corporate data, so the policy is useless. But we aren't talking logic here; we're talking about a Corporate Security department. Pat O'Keefe ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
