Re:

[Glenn Forbes Fleming Larratt <gl89 () CORNELL EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who is/are the steward(s), in your organization, for the data being
protected? They ought to, I would think, have incotrovertible say
over the issue of protecting the data that's theirs to protect.

I would point out, too, that the "libraries can only protect books
by closing their doors" argument is specious in the extreme: from
the standpoints of the nature of the protection (data disclosure
vs. physical security), the nature of the threat (global vs. local),
and the nature of the data store (data whose sensitivity has caused
legislative mandates to secure it, vs. data publically available),
there's no valid comparison here.

        -g

- --
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

On Mon, 17 Dec 2007, Mclaughlin, Kevin (mclaugkl) wrote:

> Thanks Joel. Agree with your comments, and I was actually pretty lucky in
> that while I could not get my formal data classification policy in place I
> was able to have it end up as an approved appendix to the Full Disk
> Encryption policy! :-)
>
> -Kevin
>
>
> Kevin L. McLaughlin
> CISM, CISSP, PMP, ITIL Master Certified
> Director, Information Security
> University of Cincinnati
> 513-556-9177 (w)
> 513-703-3211 (m)
> 513-558-ISEC (department)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFHZr37Lyw7nZwiKgQRAjlGAKC7yQfgiwWtimR9trQHsiZbVTxpewCfYfVA
T9CmWQyR/wXhvgaxI+c53Gk=
=B0R6
-----END PGP SIGNATURE-----