Educause Security Discussion mailing list archives
Re: "Porn-surfing hits taxpayer IDs"
From: Chris Green <cmgreen () UAB EDU>
Date: Thu, 15 Jun 2006 08:17:47 -0500
In talking to security staff at a large healthcare company, one of the obligations they have before trusting someone is a penetration test on the downstream business applications, typically web front-ends. In the past 6 months alone, they have uncovered 1 million patient records from various potential partner sites with a maximum exposure of 120K. Those details need to get worked out and worked into contracts but the concept is very sane. One idea we're thinking about doing for this type of data is setting up a terminal server farm where we know what's on the systems. Anyone gone down that route of emulating mainframe computing again? On 6/14/06 5:11 PM, "Jere Retzer" <retzerj () OHSU EDU> wrote:
Guy Pace suggested quarantining machines that don't pass muster but I'm concerned scanning business partners' machines would be unacceptable.
-- Chris Green UAB Data Security, 5-0842
Current thread:
- "Porn-surfing hits taxpayer IDs" Jere Retzer (Jun 14)
- <Possible follow-ups>
- Re: "Porn-surfing hits taxpayer IDs" Joel Rosenblatt (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Gary Flynn (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Jere Retzer (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Brendan Callahan (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Pace, Guy (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Jere Retzer (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Graham Toal (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Jere Retzer (Jun 14)
- Re: "Porn-surfing hits taxpayer IDs" Gary Flynn (Jun 15)
- Re: "Porn-surfing hits taxpayer IDs" Chris Green (Jun 15)
- Re: "Porn-surfing hits taxpayer IDs" Graham Toal (Jun 15)
- Re: "Porn-surfing hits taxpayer IDs" Jere Retzer (Jun 15)