Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]
From: Crispin Cowan (crispin_at_immunix.com)
To: "Paul D. Robertson" <email@example.com>
Date: Fri, 03 Sep 2004 11:37:02 -0700
Paul D. Robertson wrote:
>On Wed, 1 Sep 2004, Stailey, Mike wrote:
>>Mike - In CA all public companies must disclose any security breaches.
>>Also, we now have the Sarbanes/Oxley act for publicly held companies.
>>Yes, it's got a long way to go but like in Paul's prior posts - it's
>>definitely a start in the right direction.
>>Anyway, that's my story and I'm sticking to it...
>Isn't it bad though, that these regulations are coming from outside of our
>field? Shouldn't we be the ones lobbying and drafting and providing
It is unfortunate. However, it is my perception that HIPAA and
Sarbanes/Oxley were primarily created to regulate human misbehaviors
(HIPAA: med staff leaking celebrity med data to the National Enquirer,
SB: Enron/WorldCom/Tyco) and the computer regulations are not for
computer best practices per se, but rather just the consequent
requirements for computer systems to support the goals of HIPAA and SB.
As such, there is *lots* of room left for regulation of computing
practices. For good or bad :)
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
_______________________________________________
firewall-wizards mailing list
firstname.lastname@example.org
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards