RE: Privacy Policy - we don't need no 'stinking privacy

2003-07-28 Thread JohnNicholson
As far as Clause 1 is concerned, there is no way for them to guarantee that someone hasn't placed a keystroke logger or some trojan on your machine. If your machine isn't secure, your use of their website isn't confidential. John In a message dated 7/25/2003 3:28:58 PM Eastern Daylight Time, "B

RE: Legislation on employee monitoring

2003-04-03 Thread JohnNicholson
Most of what I've heard has gone the other way - allowing police or other governmental entities the right to monitor communications and requiring ISPs and other telecommunications providers to retain records. I took a quick skim through www.epic.org and www.statewatch.org and didn't find anythi

Re: Security Approval Process

2003-03-27 Thread JohnNicholson
Debbie - Regardless of whether anyone else does it, I'd say you've got a pretty good situation as long as it doesn't overwhelm you. Centralizing a function like that decreases the likelihood that some random person is going to misconfigure something and open a hole in your firewall, or that som

Re: HIPAA certs

2003-03-03 Thread JohnNicholson
One important thing to note is that the preamble to the Privacy Rule says that companies must take adequate security precautions as part of the implementation of the Privacy Rule. Some people have suggested that this means that you basically have to comply with the final version of the Security

Re: Law office recommendations?

2003-02-20 Thread JohnNicholson
> From a philosophical standpoint, there are two problems that you have to face when dealing with law firms. First, speaking as a lawyer, law school, in general, is a refuge for the mathematically challenged, the mechanically incompetent and the technically declined, so lawyers rarely underst

Re: Annoying virus being mailed to me

2003-02-07 Thread JohnNicholson
Just as a data point, I've received email with an "unknown" attachment from [EMAIL PROTECTED], too. Haven't bothered to chase it down. John In a message dated 2/7/2003 4:54:13 AM Eastern Standard Time, "Chris Carter" <[EMAIL PROTECTED]> writes: >Hi guys, > >For the last two months or so I have

RE: Spam from Symantec

2003-02-07 Thread JohnNicholson
I get a lot of this, but from the character of the subject lines, I've assumed that it isn't actually generated by Symantec (e.g., lots of exclamation points, poor grammar, poor spacing, etc.). I haven't bothered to try to figure out who's sending these, as they just get deleted with all my othe

Re: Personal Firewalls

2002-07-12 Thread JohnNicholson
Nicole - Although this is probably obvious, since you are dealing with medical patient info, whatever solution you go with you should have someone make sure that your solution and your resulting architecture are HIPAA-compliant. John In a message dated Fri, 12 Jul 2002 12:13:52 PM Eastern St

RE: A question about logon banners

2002-03-20 Thread JohnNicholson
It's a good practice to notify any potential user that the use of the system is limited to authorized users, that the owner of the system can monitor everything, etc. In the case of government-owned systems, in particular, that kind of warning creates a clear expectation on the part of the use

Re: SLA Security

2002-01-19 Thread JohnNicholson
A general SLA on security is kind of difficult. Generally, you want your SLAs to be specifically quantifiable and measurable, but it depends on the services that you are talking about. For example, if we were talking about anti-virus protection, you might have a service level for how fast the

RE: Is it bad enough to resign?

2002-01-04 Thread JohnNicholson
As a second legal opinion, I agree with John. This is a liability bomb waiting to go off. And you do not want to be the guy that everyone looks to when that happens. If you want to give management something reasonably short that might get their attention, I wrote an article for USENIX; login:

RE: Is it bad enough to resign?

2002-01-04 Thread JohnNicholson
I have to caution you about the strategy suggested here. If you want to demonstrate hacking, go to the CEO and ASK PERMISSION in advance to demonstrate it. I would strongly advise against premature and unauthorized hacking to gather evidence of why your company should be improving its security.