Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Product request - Enterprise whole disk encryption for laptops

From: Mark Newman <mnx () UTK EDU>
Date: Mon, 17 Jul 2006 13:49:27 -0400
On Mon, 2006-07-17 at 12:40 -0400, Valdis Kletnieks wrote:

On Mon, 17 Jul 2006 12:18:20 EDT, Mark Newman said:

course, there are loopholes with EFS but, using any rotational cipher
and feeling like you've done anything more than just checking off a box
is self-defeating.


It's amazing how many sites want to just check off the box rather than
actually do it right. Of course, sites like that are far more likely to
end up as this week's "Yet Another mumblety-thousand SSNs disclosed"...


yes...and then there is the definition of 'sites' and how general a term
that can be...universities are not always adept at forcing policies upon
a diverse population...and, often, "doing what is right" is confused
with best practices - universities are entities that often (and should)
identify with openness and free exchange of thought and information as a
function of who and what we are - I suppose therein lies the potential
for conflict of practice

additionally, in the case of universities, 'site' can break down into
'sites', with each 'site' following their own 'list' with unique boxes
to check

without excuse, perhaps the lack of enforcement of policy, or even the
lack of consensus on what is right, is another contributor to the
negation of truly "doing what is right" - making exposure of SSNs far
more likely

Mark Newman
University of Tennessee - Knoxville
Previous By Date Next
Previous By Thread Next

Current thread: