Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

From: Crispin Cowan (crispin_at_immunix.com)
Date: 09/03/04

    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Fri, 03 Sep 2004 11:37:02 -0700
    
    

    Paul D. Robertson wrote:

    >On Wed, 1 Sep 2004, Stailey, Mike wrote:
    >
    >
    >>Mike - In CA all public companies must disclose any security breaches.
    >>Also, we now have the Sarbanes/Oxley act for publicly held companies.
    >>Yes, it's got a long way to go but like in Paul's prior posts - it's
    >>definitely a start in the right direction.
    >>
    >>Anyway, that's my story and I'm sticking to it...
    >>
    >>
    >Isn't it bad though, that these regulations are coming from outside of our
    >field? Shouldn't we be the ones lobbying and drafting and providing
    >guidance?
    >
    >
    It is unfortunate. However, it is my perception that HIPAA and
    Sarbanes/Oxley were primarily created to regulate human misbehaviors
    (HIPAA: med staff leaking celebrity med data to the National Enquirer,
    SB: Enron/WorldCom/Tyco) and the computer regulations are not for
    computer best practices per se, but rather just the consequent
    requirements for computer systems to support the goals of HIPAA and SB.

    As such, there is *lots* of room left for regulation of computing
    practices. For good or bad :)

    Crispin

    -- 
    Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
    CTO, Immunix          http://immunix.com
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
