security policy question
David Goodenough
david.goodenough at btconnect.com
Tue Mar 5 10:24:54 GMT 2013
On Monday 04 Mar 2013, Root wrote:
> Hi All,
>
> I am not sending this from my usual account as gmail seems to have hit
> various blacklists. Even though the 2 factor auth and MITM detection seems
> to be a good thing in a web-mail service. So instead i am probably going to
> be giving spamd on this OBSD box a good work out.
>
> I am looking for a bit of advice.
> I work for part of the NHS and was recently given a new version of our
> security policy to sign.
> It contains the usual i will be a good citizen, take care of the datas,
> not hand out my password or transfer data onto unencrypted memory
> sticks/laptops and leave them in taxis etc.
>
> I am generally in favor of these and usually have no problems appending my
> signature but the difference between the old and new policy is the
> following:
> "I further understand that I am responsible for any transactions carried
> out under my personal password and code"
Perhaps you should demand sight of the software that will carry out what
you request. Of course if the NHS used open source software this would not
be a problem....
David
>
> I have no confidence that it wouldn't be trivial for someone to get hold
> of my user-name and password by methods which don't involve me being
> irresponsible.
>
> Any advice would be very helpful before i make a nuisance of myself.
>
> thanks
> mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20130305/bf5e175f/attachment.html>
More information about the ukcrypto
mailing list