Jonathan, as you are in the UK and mention working with HR departments and compliance officers, you are probably aware of the requirement in the Data Protection Act to have "regard for the state of technological development" when you consider your treatment of personal data (for example, the contents of those password secured zip files) - how do you feel about sending passwords via sms now that the difficulty of attacks on the security of cellphone transmissions has been reduced to the level of script kiddies (down largely to the thorough trouncing of the A5/1 encryption algorithm). Do you feel happy that you are using an "adequate level of protection" in these circumstances?
Absolutely, as do my clients.
You're jumping to conclusions about the methods used to send and receive the messages.
With regard to the Data Protection Act, it states you should have security appropriate to "the nature of the information in question; and the harm that might result from its improper use, or from its accidental loss or destruction". 'Appropriate' is not defined, but the level of protection is agreed with the client with legislation in mind on a case by case basis.
Thanks for your concern.
Thanks. I wasn't aware of drawing any conclusions - only asking a bunch of questions.
I'm interested in SMS as a transmission medium because one of the organisations I work with have been making heavy use of TAN codes and are looking to move to another method because they no longer consider communications via cellphone secure enough.
It's good to bring it to light regardless. It's what makes forums such as this so important.
With regard to the Data Protection Act, it states you should have security appropriate to "the nature of the information in question; and the harm that might result from its improper use, or from its accidental loss or destruction". 'Appropriate' is not defined, but the level of protection is agreed with the client with legislation in mind on a case by case basis.
Don't you just hate it that guidance is no flipping guidance at all ! The use of the word "appropriate" is so flexible it's pointless ( conversely, it's better than "best practice" ! 'Cos at least you don't end up paying for a lot of things you don't need 😉 )
It's like the famous legal definition of what is 'reasonable' of course, it's something which is not 'unreasonable'!
one of my New Years resolutions is to keep my threads on topic ) please
Sticking to the technical issues (i.e. avoiding the legal ones) Andy Rosen has been doing interesting stuff with SMART feeding results into a website, also the whole point of FTK lab edition (if it is working correctly) is to allow investigators to remotely examine results. At least with these options you are in control of the machines on which the material is stored, of course you still have no control over the user at the other end.
Coming back to webex - many of the PC's at my place of work have a webex client installed on them which records sessions by default and I can't actually find any way as a meeting host/presenter to prevent a remote party from taking such a recording. Does anyone know of an option in the meeting centre manager to disallow remote recordings?