[FDE] How important is FIPS 140-2 Level 1 cert?
Saqib Ali
docbook.xml at gmail.com
Wed Dec 20 22:07:24 MST 2006
> Risk aversion is the more interesting one,
> and folks with a decision analysis background
> will know several ways to assess this. At the
> risk of self-advertisement, see slides 100-115
> in geer.tinho.net/measuringsecurity.tutorial.pdf
this is very interesting, and I like the presentation as well. I also
subscribe to the Ira Winkler's philosophy of risk minimization.
However my question was much more general, in that I wanted to know
how much weight, in a Kepner Tregoe (KT) analysis, does a
non-government institution (large enterprise) give to the FIP 140-2
Level 1 certification. I know FIPS certification is usually a must for
govt institution, but not sure about non-govt institutions.
Any thoughts?
saqib
http://www.full-disk-encryption.net
More information about the FDE
mailing list