Subject: | |
From: | |
Reply To: | |
Date: | Fri, 13 Jun 2003 09:59:30 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Wait a minute. After reading your reply again, I'm not sure who 'owns' the
data. The 'Agent' hosts the application on his server. I need to dig
deeper here. I will check in after some phone calls.
tks again
Gary
----- Original Message -----
From: "Gary Sielaff" <[log in to unmask]>
To: "Patrick Santucci" <[log in to unmask]>;
<[log in to unmask]>
Sent: Friday, June 13, 2003 9:51 AM
Subject: Re: [HP3000-L] Where lays the responsibility?
> Sorry about that. I was typing and not thinking. You are correct. The
> agent owns the data. I am the connectee or user (really dumb terminology
> now that I look at it).
> We share the same opinion on this matter.
> tks
> Gary
> ----- Original Message -----
> From: "Patrick Santucci" <[log in to unmask]>
> To: "Gary Sielaff" <[log in to unmask]>;
<[log in to unmask]>
> Sent: Friday, June 13, 2003 9:39 AM
> Subject: RE: [HP3000-L] Where lays the responsibility?
>
>
> Gary Sielaff wrote:
>
> > This must have been a really really dumb question huh? I didn't get
> but
> > one reply.
>
> Actually, I was having trouble understanding your terminology. Who is
> the "Agent" and who is the "Connectee"? Which of these owns the data?
>
> Ultimately, IMO the owner of the data is responsible for ensuring that
> it is secure. That means monitoring, auditing and testing any entity you
> have entrusted with your data for security flaws. If I allow my
> customers' credit card numbers to be stored on my web-hosting company's
> site and someone breaks in and steals them, I better be able to document
> that I did everything possible to investigate that likelihood and take
> all reasonable steps to prevent it from happening.
>
> Does that mean hiring consultants to try to hack into the site and steal
> them? Probably not, but I might if I didn't think the web-hosting
> company wasn't being careful enough with my data, or if they gave me
> vague answers about exactly what security they had in place.
>
> Just my $0.02,
> Patrick
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Patrick Santucci
> HP e3000 Systems Administrator
> Computer Operations Team Lead
> Networking Services Department
> Cornerstone Brands, Inc.
>
> http://cornerstonebrands.com
>
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|