RE: Secure Transactions over HTTPS????

From: Evans, TJ (tjevans@kpmg.com)
Date: 02/08/02


From: "Evans, TJ" <tjevans@kpmg.com>
To: focus-ms@securityfocus.com
Date: Fri, 8 Feb 2002 12:32:47 -0500 

I just posted this response to another mailing list earlier today, but
applies here as well ... regarding "to encrypt, or not to encrypt"

To paraphrase, it goes something like this:
Think of what it is your company makes, does or sells ... or is planning on
doing so in the future.
... and how it makes it and/or does it, how much it costs to do so, etc.
... and who it sells it to ... and for how much .. and where this money goes
<bank account names & numbers, partners, salaries, etc.>
Think of what differentiates you from your competitors .. quality, quantity,
unique products/information/processes, etc.
Now think of what would happen to your company if your competition knew all
of this.

I also don't think I would trust any of my medical or financial information
<for example> to be secure just by luck. Someone wins the lottery, so by
the same math someone who was trying would/could get someone's information
...

Thanks!
TJ

*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************