-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]] On
Behalf Of Paul Galloway
Sent: 29 April 1998 23:33
To: [log in to unmask]
Subject: Re: Locality Communications
Go on, give us a clue to what you think the answers to your eminently
sensible questions are , then I'll argue my corner
(unless of course we agree!)
:-)
Paul Galloway
Unfortunately we agree.
The network was designed to be "open" from a systems point of view, hence
application providers can do what they want, and I am sure they will, and
charge us! If I wanted to add considerably to the cost of any system I
would try to convince the customer that they needed the latest 128 bit
encryption. The fact that they might not need it is neither here nor there
if they THINK they need it. Security, in sales, is about paranoia not
reality.
My point is that until we identify a threat that might risk patient data,
that is network specific, then we should carry on with the current safe
guards.
I am of course not just talking about NHSnet, the same is true of links to
branch surgeries and for that matter home links to the Internet.
My questions stand, can we find a threat that is real and quantifiable that
we can write a business case against it, or are we going to pay through the
nose for security and encryption that would protect the us against nothing
and get in the way of the necessary interaction with patient data.
Do people remember the Zergo Report, try reading it again, if you have a
copy, they could not find the threat and neither can I.
Regards
John
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|