Hi Thomas,

A security audit coming across this tidbit would raise more than one red flag!

Regards!

-Thomas Clark

Thomas Beale wrote:
> Tim Cook wrote:
>
>> On Sat, 2004-03-06 at 14:17, Tim Churches wrote:
>>
>>> In general, caches should be
>>> held on encrypted filesystems, either on-disc or in-memory, with the
>>> keys (or a key to the keys) to the encryption/decryption managed by a
>>> daemon which purges the keys from memory when asked (eg locking the
>>> device) or automatically after a short period of disuse.
>>
>> Well, now that would certainly be a secure way to handle caching. If I
>> were worrying about national secrets.
>>
>> Do you go to this extreme now (as a manager) when doing your risk
>> assessments? I am wondering what the total (additional) costs of system
>> design and hardware resources is when these facilities are implemented.
>>
>> I think that in most cases we can reliably depend on locked doors and
>> holding people responsible for protecting data they are entrusted
>> with. I will agree that security training needs to include this
>> awareness so that users know how to properly store each of these
>> devices when not in use.
>
> A well known study in Harvard medical school (I think) showed that
> putting the message "Do not inappropriately access patient data - all
> your accesses are being logged" on clinician screens a few times a day
> resulted in a drop to near 0 of inappropriate access. No other
> technology was used
>
> - thomas
>
> -
> If you have any questions about using this list,
> please send a message to d.lloyd at openehr.org