Thomas Beale wrote:

> Tim Cook wrote:
> 
>> On Sat, 2004-03-06 at 14:17, Tim Churches wrote:
>>
>>> In general, caches should be
>>> held on encrypted filesystems, either on-disc or in-memory, with the
>>> keys (or a key to the keys) to the encryption/decryption managed by a
>>> daemon which purges the keys from memory when asked (eg locking the
>>> device) or automatically after a short period of disuse.
>>
>> Well, now that would certainly be a secure way to handle caching.  If I
>> were worrying about national secrets.
>> Do you go to this extreme now (as a manager) when doing your risk
>> assessments?  I am wondering what the total (additional) costs of system
>> design and hardware resources are when these facilities are implemented.
>> I think that in most cases we can reliably depend on locked doors and
>> holding people responsible for protecting data they are entrusted with.
>> I will agree that security training needs to include this awareness so
>> that users know how to properly store each of these devices when not in
>> use.
>
> A well-known study in Harvard medical school (I think) showed that
> putting the message "Do not inappropriately access patient data - all
> your accesses are being logged" on clinician screens a few times a day
> resulted in a drop to near 0 of inappropriate access. No other
> technology was used.
> - thomas

There must be a downside to doing that too - discouraging access by those
who have urgent need while being undertrained on the system - it would
sure scare me off - and that would effectively reduce medic-medic
communication rather than promote it.  Sure, security is important,
but don't forget it is always a compromise [Bruce Schneier].