On Wed, 26 Feb 2003, at 9:33am, [EMAIL PROTECTED] wrote: > It sounds like they're pushing for 100% encryption of all email, which is > well beyond my understanding of the expectation under the law.
While I don't know about this particular case, I've seen such reactions before in similar, non-HIPPA cases. It goes something like this: Security becomes a concern. Of course, you cannot have security without a good security policy that defines your information assets, risks, threats, counter-measures, and so on. Nor can you have security without user understanding and education. So the IT guys tell the PHBs that their existing policy of driving blindly through the fog is a bad idea. The PHBs react by coming up with crap ideas like "everything must be encrypted" (without even knowing what encryption actually *is*). Actually fixing their management structure would cost too much. -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
