Security Basics mailing list archives

RE: HIPAA_Compliance

From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Tue, 6 Apr 2004 11:40:21 -0400

I like PGP. It has its uses.  Mainframe version is awesome. I have not
looked into some of its newer flavors recently however, I believe the
Enterprise edition allows for restting of user passwords, I could be wrong
especially since I have not researched this lately.  The desktop version was
difficult for us to maintain for a large diverse base (i.e. millions of
e-mail users) and we could not reset their passphrase if they forgot it so
they lost all of their encrypted stuff if they forgot their password.  Add
our members into the picture and we just could not support ANY desktop
encryption package that had that type of key exchange.  Trying to explain
and swap keys to many users was just beyond comprehension as was trying to
have enough people to field their questions.  But it certainly DOES have its
uses.  Not tryingto slam desktop/end user encryption in any way.  Just
realize it does have some drawbacks from a support side. ALso, forensically
speaking, if I had to do an investigation on desktop encrypted stuff, it is
much more difficut since Ihave to start breaking passwords.  With SOME
enterprise versions, I can retain a master key and decrypt anything as I
need to.  Def a plus.  I would def talk to PGP as well because I do know
they have improved their software recently.

P.S.  My disclaimer blurb again.  

-----Original Message-----
From: Michael Dunn [mailto:MDunn () sscincorporated com]
Sent: Monday, April 05, 2004 2:05 PM
To: security-basics () lists securityfocus com
Cc: paralleluniverse
Subject: RE: HIPAA_Compliance


We've had good luck with PGP!

Regards,

-Mike

-----Original Message-----
From: paralleluniverse [mailto:paralleluniverse () ev1 net]
Sent: Saturday, April 03, 2004 9:48 PM
To: security-basics () lists securityfocus com
Subject: HIPAA_Compliance


Hello to All,

In order to provide security solutions for HIPAA compliance, encryption,
though not required, seems to solve several of the problems. Would anyone
have some suggestions for an inexpensive, easy to deploy, convenient to use,
and easy to train staff, encryption solution? Other thoughts?

Ron Cohen
FUNEN



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This e-mail transmission, including any attachments
to it, may contain confidential information or protected health information
subject to privacy regulations such as the Health Insurance Portability and
Accountability Act of 1996 (HIPAA). This transmission is intended only for
the use of the recipient(s) named above. If you are not the intended
recipient, or a person responsible for delivering it to the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or use of any of the information contained in this transmission
is STRICTLY PROHIBITED. If you have received this transmission in error,
please immediately notify me by reply e-mail and destroy the original
transmission in its entirety without saving it in any manner. 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

HIPAA_Compliance paralleluniverse (Apr 05)
- <Possible follow-ups>
- RE: HIPAA_Compliance Michael Dunn (Apr 05)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 05)
- RE: HIPAA_Compliance Henry, Christopher M. (Apr 06)
- RE: HIPAA_Compliance Billy Dodson (Apr 06)
  - Re: HIPAA_Compliance David Glosser (Apr 16)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- HIPAA_Compliance paralleluniverse (Apr 07)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- RE: HIPAA_Compliance Chris Orzal (Apr 07)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 07)
  - Re: HIPAA_Compliance Ned Fleming (Apr 08)
- Re: HIPAA_Compliance Ned Fleming (Apr 12)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 12)