Paul D. Robertson <[EMAIL PROTECTED]> wrote:
>On Mon, 8 Nov 1999, Markku J. Saarelainen wrote:
>Most companies outside of lawfirms don't exchange a great deal of "secrets"
>with other companies. Those that do that I've encountered (like
>lawfirms) don't use e-mail for sensative information.
I know a lawyer who uses email for most of his client correspondence. His
claim is email is generally secure and he places the CLIENT/LAWYER
privilege on his correspondence. His claim is that email is no less secure
than postal mail or sending something by courier. He considers a lot of
the cryptographic techniques for privacy to be overkill in most cases which
includes a lot of privileged legal correspondence. He has found the speed
and convenience of email outweigh the risk of interception.
>education, why? If you're trusting "sealed envelopes", why? Most
>importantly have you analyzed the risk against the business case and
>decided what makes sense.
Exactly. Security is about assessing risk. Many organizations do not
understand this. All the security measures you may implement do not make
sense unless you understand what you are trying to protect and why you are
protecting it.
Smoot Carl-Mitchell
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
