Lynn Wheeler <[EMAIL PROTECTED]> writes:
for some topic drift ... part of the issue is that the majority of such compromises have involved data-at-rest ... not data-in-transit ... and lots of implementations don't provide the access control that may be found in mainframe installations ... so encrypting the data at risk might be viewed as compensating process for inadequate access control. the other part of it is that studies have something like 70 percent of such compromises have involved insiders (who already may have some level of access).
re: http://www.garlic.com/~lynn/2007n.html#85 PCI Compliance - Encryption of all non-console administrative access. ... above post may have only made it to the newsgroup, not the mailing list for some additional drift, a recent post in ongoing financial crypto blog thread on (effectively) decline in security and assurance over the past several decades http://www.garlic.com/~lynn/aadsm27.htm#53 Doom and Gloom spreads, security revisionism suggests "H6.5: Be an adept!" ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
