Tim Cook wrote:

>On Sat, 2004-03-06 at 14:17, Tim Churches wrote:
>  
>
>>In general, caches should be
>>held on encrypted filesystems, either on-disc or in-memory, with the
>>keys (or a key to the keys) to the encryption/decryption managed by a
>>daemon which purges the keys from memory when asked (eg locking the
>>device) or automatically after a short period of disuse.
>>    
>>
>
>Well, now that would certainly be a secure way to handle caching.  If I
>were worrying about national secrets.  
>
>Do you go to this extreme now (as a manager) when doing your risk
>assessments?  I am wondering what the total (additional) costs of system
>design and hardware resources are when these facilities are implemented. 
>
>I think that in most cases we can reliably depend on locked doors and
>holding people responsible for protecting data they are entrusted with. 
>I will agree that security training needs to include this awareness so
>that users know how to properly store each of these devices when not in
>use.
>
>  
>
A well-known study in Harvard Medical School (I think) showed that 
putting the message "Do not inappropriately access patient data - all 
your accesses are being logged" on clinician screens a few times a day 
resulted in a drop to near 0 of inappropriate access. No other 
technology was used.


- thomas


-
If you have any questions about using this list,
please send a message to d.lloyd at openehr.org
