Friday 23 November 2007

Can we salvage something from this?

Can we get the government on board with some of the thinking in the real world about data security after this calamitous data loss?
After a series of security breaches involving databases of credit card data, the card issuers started working on security standards. These have now coalesced into PCI DSS, a minimum security standard that you have to adhere to if you want to process credit card data, full stop. Very soon this will be a non-negotiable requirement: play ball or don't get paid. Should the banking industry now produce a similar standard for those holding bank account details? Either your systems conform to level x of security or you don't get to use BACS, set up direct debits, and so on. The government would probably ask for many years and give much money to the likes of EDS and Capita in order to get compliant, but wouldn't it all be worth it?
On the other hand, from the geek half of the real world, I am thinking of sending them a guide to how asymmetric cryptography works, with some recommendations on key lengths to use.

