Here is compelling evidence why auditors should *never* be permitted to make security 'requirements'. Never. Only see that due diligence is done.
What we have is a serious case of auditors going wild using only garbled media reports as justification. Wholesale encryption just does not make sense. Thoughtful risk assessments and cost effective countermeasures are the only reasonable ways to deal with the threats. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Anne & Lynn Wheeler Sent: Wednesday, December 28, 2005 3:22 PM To: [email protected] Subject: Re: ABN Tape - Found however, it was recognized that account numbers were required to be available (and therefor exposed) in a sizeable number of business processes (not just the original transaction). the conclusion was soemwhat that even if you buried the planet under miles of cryptography, it still wouldn't prevent account number leakage. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
