Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

From: Crispin Cowan (
Date: 09/03/04

  • Next message: Stailey, Mike: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
    To: "Paul D. Robertson" <>
    Date: Fri, 03 Sep 2004 11:37:02 -0700

    Paul D. Robertson wrote:

    >On Wed, 1 Sep 2004, Stailey, Mike wrote:
    >>Mike - In CA all public companies must disclose any security breaches.
    >>Also, we now have the Sarbanes/Oxley act for publicly held companies.
    >>Yes, it's got a long way to go but like in Paul's prior posts - it
    >>definitely a start in the right direction.
    >>Anyway, that's my story and I'm sticking to it...
    >Isnt' it bad though, that these regulations are coming from outside of our
    >field? Shouldn't we be the ones lobbying and drafting and providing
    It is unfortunate. However, it is my perception that HIPAA and
    Sarbanes/Oxley were primarily created to regulate human misbehaviors
    (HIPAA: med staff leaking celebrety med data to the National Enquirer,
    SB: Enron/WorldCom/Tyco) and the computer regulations are not for
    computer best practices per se, but rather just the consequent
    requirements for comuter systems to support the goals of HIPAA and SB.

    As such, there is *lots* of room left for regulation of computing
    practices. For good or bad :)


    Crispin Cowan, Ph.D.
    CTO, Immunix
    firewall-wizards mailing list

  • Next message: Stailey, Mike: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"