On Sat, 2004-03-06 at 14:17, Tim Churches wrote: > In general, caches should be > held on encrypted filesystems, either on-disc or in-memory, with the > keys (or a key to the keys) to the encryption/decryption managed by a > daemon which purges the keys from memory when asked (eg locking the > device) or automatically after a short period of disuse.
Well, now that would certainly be a secure way to handle caching. If I were worrying about national secrets. Do you go to this extreme now (as a manager) when doing your risk assessments? I am wondering what the total (additional) costs of system design and hardware resources is when these facilities are implemented. I think that in most cases we can reliably depend on locked doors and holding people responsible for protecting data they are entrusted with. I will agree that security training needs to include this awareness so that users know how to properly store each of these devices when not in use. Later, Tim - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
