Educause Security Discussion mailing list archives
Re: Data integrity requirements for compliance
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Tue, 20 Nov 2007 14:07:35 -0500
David Grisham wrote:
> I would like to step away from the interesting password discussion for a minute & ask how those of you who are required to show data integrity to regulatory bodies are doing so. Especially protection from unauthorized alterations or destruction. I am trying to write a procedure that all of our ePHI data stewards/owners can understand, achieve and I can enforce. Checksums, hash values, etc. do not seem to be an option. Has anybody else tackled this issue in an enterprise that must keep the databases running to provide patient care?

Obviously, methods will differ depending on what exactly you're signing, but would a decentralized PKI system work for you? Something like GnuPG could be used to generate keypairs, and the tools from gpg4win.org allow users to right click and sign arbitrary files. The GnuPG system is cross-platform, as well, for the Mac and *nix users among us.

--Matt

--
Matt Gracie (716) 888-2403
Information Security Administrator graciem () canisius edu
Canisius College ITS 425531N / 0785109W
http://www2.canisius.edu/~graciem/graciem_public_key.gpg
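
An added example, not part of the original message: the command-line form of the sign-and-verify workflow suggested above, using a detached GnuPG signature to show that a file altered after signing no longer verifies. The throwaway keyring, the steward identity and the CSV contents are constructed for the demo, and the function names are hypothetical.

```shell
#!/bin/sh
# Detached GnuPG signatures as a file-integrity check (illustrative sketch).

new_keyring() {      # throwaway keyring so the demo never touches ~/.gnupg
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    # Constructed identity; empty passphrase only because the key is discarded.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key \
        'Data Steward (constructed) <steward@example.invalid>' \
        default default never 2>/dev/null
}

sign_file() {        # writes the detached signature to <file>.asc
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' \
        --armor --output "$1.asc" --detach-sign "$1"
}

verify_file() {      # exit 0 only if <file> still matches <file>.asc
    gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null
}

integrity_demo() {   # returns 0 when the signed copy verifies and the altered one fails
    work=$(mktemp -d) || return 1
    new_keyring || return 1
    printf 'record-id,value\n1001,constructed sample row\n' > "$work/export.csv"
    sign_file "$work/export.csv" || return 1
    if verify_file "$work/export.csv"; then before=good; else before=bad; fi
    # Simulate an unauthorized alteration made after signing.
    printf '1002,row added after signing\n' >> "$work/export.csv"
    if verify_file "$work/export.csv"; then after=good; else after=bad; fi
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work" "$GNUPGHOME"
    [ "$before" = good ] && [ "$after" = bad ]
}

if [ "${1:-}" = "--demo" ]; then
    integrity_demo && echo "alteration detected"
fi
```

The detached `.asc` file leaves the signed file untouched, so it can be stored or transmitted separately from the data it covers.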