[nflug] Wiping hard drive sensitive personal data

Brad Bartram brad.bartram at gmail.com
Thu Jul 20 12:20:34 EDT 2006


That's actually the concept behind the Common Criteria evaluations.  It used
to be the Rainbow Series of books that defined security practices.

One of the big problems with a central certification authority is that in
the case of Sarbanes-Oxley, there is no defined practice that is codified in
the act.  It all comes down to interpretation of intent and individual
reading of the law as interpreted by administrative organizations.  It's all
that fun theoretical legal stuff that has no clear answer and is really only
one step closer to reality than Kant or Nietzsche.

Until we actually get some good case law on the subject, it will be next to
impossible to get an authoritative certification body without industry
consensus.  Right now the industry can't decide on how it wants to handle
cascading style sheets on internet web sites without divergent
implementations - I don't have real high hopes for an effective working
group on comprehensive security practices.

But that's just my take on the subject.  Then again, I tend to be
pessimistic about these things.

brad

On 7/20/06, anthonyriga <torrodimerda at yahoo.com> wrote:
>
> I agree with Pete on this one. There should be some
> sort of committee that truly certifies that these OS's
> meet HIPAA, Sarbanes-Oxley, etc. compliances. Really
> what you need is a committee of lawyers that know IP
> laws and have a real understanding of computer science
> engineering. Not a bunch of politicians that are making
> IT industry decisions that don't know how to even turn
> their PCs on but are getting payoffs from Brother
> Bill in Redmond.
>   If a doctor is using a Windows PC that involves
> surgery to place over 100 recording electrodes in a
> patient, the PC-based systems use Microsoft Windows
> [because all but one vendor of these systems use
> Microsoft operating systems] and multimedia programs
> to capture the patient's data. If, after a Microsoft
> service pack is applied to overcome a security
> weakness in their operating system, and the service
> pack also secretly breaks the multimedia software
> and/or revokes access to our patient's data, thus
> damaging patient care, who is responsible?
>
>
> > As far as HIPAA compliance on ANY Windows box, I
> > don't see how this is
> > possible! One quick read of the EULA for Windows
> > should show glaring
> > problems like.....
> >
> > * Consent to Use of Data. You agree that Microsoft and its
> >   affiliates may collect and use technical information
> >   gathered in any manner as part of the product support
> >   services provided to you, if any, related to the Product.
> >   Microsoft may use this information solely to improve
> >   our products or to provide customized services or
> >   technologies to you. Microsoft may disclose this
> >   information to others, but not in a form that personally
> >   identifies you.
> >
> > I would think that technically the HIPAA rules would
> > have a problem with
> > this but they look the other way of course for
> > Windows.
> >
> >
> > _______________________________________________
> > nflug mailing list
> > nflug at nflug.org
> > http://www.nflug.org/mailman/listinfo/nflug
> >
>
>