Encryption: Ensuring Information Security
|
|
- Shannon Dawson
- 8 years ago
- Views:
Transcription
1 Encryption: Ensuring Information Security Colin Chisholm CISSP, GCIH Information Security Analyst Associate Information Security & Systems / Compliance cchisholm@northwestern.edu
2 Agenda Encryption - Explanation & History Goals Data Encryption Policy Encryption Scenarios Steps Toward Compliance Takeaways Q & A
3 What is Cryptography? Cryptography is the practice of protecting written secrets Encryption is the process of transforming information into an unreadable form
4 Looking Back Historically, cryptography has been the domain of entities such as governments, corporations and banks Data + Resources + Motivation = Encryption Exponential increases in computing power and the development of the personal computer industry has leveled the playing field Strong crypto is now available to all
5 Today The information age has introduced a vast increase in the amount of data generated daily. More data in more places Common data types include , documents, spreadsheets, address books, calendars, photos, music, videos Common data locations include desktops, laptops, cell phones, smart phones, PDAs, USB sticks, external hard drives, gaming consoles, digital video recorders Data has become ubiquitous and commonplace.
6 Encryption Goals Confidentiality Keeping information secret from those who are not authorized to have it Integrity Preventing data from being altered in unexpected ways
7 Loss prevention Encryption Goals Intellectual property, research, personally identifiable information, HR records, financial information Regulations and compliance requirements to report loss Intangible losses can result from media exposure of data including loss of prestige and reputation
8 Policy Statement "Schools, departments and business functions are required to employ University-approved encryption solutions to preserve the confidentiality and integrity of, and control accessibility to, University data classified as Legally/Contractually Restricted where this data is processed, stored or transmitted using University-approved systems"
9 Policy Implementation Data Encryption Policy is available at: Policy was published October, 2008 Compliance is required by April, 2009 ISS/C is available as a resource for consultation at any stage of the deployment of an encryption solution
10 Considerations University departments have differing resources (technical staff, budget, etc) Encryption solutions have been selected ranging from commercial to freeware solutions The cost of the encryption technologies and associated controls should be commensurate with the sensitivity and value of the data to be protected
11 Out of Scope Servers, databases, network infrastructure systems Unix/Linux operating systems (OS X excepted) Student population Student systems are not University property. Students with access to sensitive data should be using University resources which fall under this policy
12 In Scope Applies to commonly used user-level systems Hardware focus on laptops, desktops, PDAs Operating System focus on Windows, Macintosh and select PDA systems Faculty, Staff, contractors, vendors and others (including 3rd parties) entrusted with University sensitive data
13 Preferred Solutions OS-Native Solutions BitLocker (Windows Vista) EFS (Windows 2000 & XP) FileVault & Disk Images (OS X) Mobile Device Encryption PointSec Mobile (Palm, Windows Mobile, Symbian) Full Disk Encryption CheckPoint Full Disk Encryption, TrueCrypt (Windows) PGP Desktop (Windows and OS X)
14 Key Strength The complexity and strength of the key is essential to assuring the protection of data The strongest encryption algorithm can be easily defeated by the use of a weak key NUIT Passphrase / Password Guide
15 Physical Security Physical security is vital to information security Controls implemented to protect data are weakened or eliminated with the loss of physical security Physical components to information security include hard drives, memory, backup tapes, CDs, DVDs, networking cable, servers, infrastructure equipment, paperwork, filing cabinets, and offices
16 Encryption Scenarios Boot Disk / Full Disk Encryption File / Folder / External Device Encryption Mobile Device Encryption Transport Level Encryption
17 Security as a Process Security is a process, not a product Information systems and the environments they operate in are dynamic Changes in technology, data, users and goals over time affect system security Systems, data, users and policies should be periodically reviewed with regard to information security
18 Home vs Office University-approved systems may include home machines used to access the NU network Don t store sensitive information on your home machine ( s, spreadsheets, documents, etc) VPN (Virtual Private Network) should always be used when connecting to NU from off-site Use encryption products where appropriate
19 Steps Toward Compliance 1. Data Classification 2. Solution Selection & Implementation 3. Encryption Keys 3.1.Key Creation 3.2.Key Management 3.3.Key Recovery Planning
20 Takeaways Security is a process, not a product Eliminate sensitive data from portable systems Physical security is king Encryption is a limited solution, not a silver bullet Combine encryption types to provide defense in depth Strong keys (passwords / passphrases)
21 Q & A
Guidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
More informationPGP Whole Disk Encryption Training
PGP Whole Disk Encryption Training Agenda WDE Overview Licensing Universal Server & Client Basics Installation Password Recovery OS Maintenance Support Questions 2 Whole Disk Encryption Protects against:
More informationDisk Encryption. Aaron Howard IT Security Office
Disk Encryption Aaron Howard IT Security Office Types of Disk Encryption? Folder Encryption Volume or Full Disk Encryption OS / Boot Volume Data Volume Managed or Unmanaged Key Backup and Data Assurance
More informationData Storage for Research. Michael Pinch
Data Storage for Research Michael Pinch Intro Data storage is a world full of tradeoffs Read vs Write Speed Availability vs Security Cost vs Speed This presentation is to talk about the different types
More informationMobile Device Security and Encryption Standard and Guidelines
Mobile Device Security and Encryption Standard and Guidelines University Mobile Computing and Device best practices are currently defined as follows: 1) The use of any sensitive or private data on mobile
More informationVs Encryption Suites
Vs Encryption Suites Introduction Data at Rest The phrase "Data at Rest" refers to any type of data, stored in the form of electronic documents (spreadsheets, text documents, etc.) and located on laptops,
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationProtect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.
Protect Sensitive Data Using Encryption Technologies Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.com/blog Where is the User Data Stored? Q: Where is the biggest
More informationExcerpt of Cyber Security Policy/Standard S05-001. Information Security Standards
Excerpt of Cyber Security Policy/Standard S05-001 Information Security Standards Issue Date: April 4, 2005 Publication Date: April 4, 2005 Revision Date: March 30, 2007 William F. Pelgrin Director New
More informationThe virtual safe: A user-focused approach to data encryption
The virtual safe: A user-focused approach to data encryption Steganos GmbH, 2008 1 The hard disk: a snapshot of our lives The personal computer has never been more personal. We routinely trust it with
More informationData storage, collaboration, backup, transfer and encryption
Data storage, collaboration, backup, transfer and encryption Scott Summers UK Data Archive Practical research data management 19 April 2016 Overview Looking after research data for the longer-term and
More informationUsing End User Device Encryption to Protect Sensitive Information
Using End User Device Encryption to Protect Sensitive Information April 29, 2015 Mel Jackob, CISSP, GSEC, eplace Solutions, Inc. William Ewy, CIPP/US, eplace Solutions, Inc. William Ewy, BSEE, CIPP/US
More information2007 Microsoft Office System Document Encryption
2007 Microsoft Office System Document Encryption June 2007 Table of Contents Introduction 1 Benefits of Document Encryption 2 Microsoft 2007 Office system Document Encryption Improvements 5 End-User Microsoft
More informationEncryption Made Simple for Lawyers
Encryption Made Simple for Lawyers By David G. Ries, Esq. and John W. Simek Encryption is a topic that most attorneys don t want to touch with a 10-foot pole, but it is becoming a more and more important
More informationDeployment Strategies for Effective Encryption
Deployment Strategies for Effective Encryption Ben Rothke, CISSP, CISA Information Security Wyndham Worldwide Corp. Session ID: DSP-W25B Session Classification: Intermediate Deployment Strategies for effective
More informationMS 50292: Administering and Maintaining Windows 7
MS 50292: Administering and Maintaining Windows 7 Description: This five-day instructor-led course provides students with the knowledge and skills to successfully administer, maintain, and troubleshoot
More informationEncryption Buyers Guide
Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from
More informationDriveLock and Windows 7
Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationPOLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.
POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University
More informationInformation Security Awareness Training
Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information
More informationCOVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name
COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access
More informationUsing BitLocker As Part Of A Customer Data Protection Program: Part 1
Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients
More informationEncrypting Personal Health Information on Mobile Devices
Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Number 12 May 2007 Encrypting Personal Health Information on Mobile Devices Section 12 (1) of the Personal Health Information Protection
More informationEncrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010
Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010 I. File Encryption Basics A. Encryption replaces data within a file with ciphertext which resembles random data
More informationSUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices
SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information
More informationStoring and securing your data
Storing and securing your data Veerle Van den Eynden UK Data Service Advanced training course Managing and sharing your research data 18-19 June 2015 Overview Looking after research data for the longer-term
More informationLaptop Encryption. Tom Throwe. 1 August 2007. RHIC and ATLAS Computing Facility. (Brookhaven National Laboratory) Laptop Encryption 8/1/07 1 / 17
Laptop Encryption Tom Throwe RHIC and ATLAS Computing Facility 1 August 2007 (Brookhaven National Laboratory) Laptop Encryption 8/1/07 1 / 17 Outline 1 Introduction Requirements Realities 2 Software 3
More informationMore Expenses. Only this time the Telegraph will have to pay them after their recent data breech
More Expenses Only this time the Telegraph will have to pay them after their recent data breech What is an Identity? Wiki Definition Digital identity refers to the aspect of digital technology that is
More informationMS-50292: Administering and Maintaining Windows 7. Course Objectives. Required Exam(s) Price. Duration. Methods of Delivery.
MS-50292: Administering and Maintaining Windows 7 This five-day instructor-led course provides students with the knowledge and skills to successfully install, maintain, and troubleshoot Windows 7 computers.
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because
More informationThe Contractor's Responsibility - Preventing Improper Information Process
BRIGHT HORIZONS BASELINE THIRD PARTY SECURITY REQUIREMENTS Version 1.0 (updated March 2015) Contents SECTION 1:... 3 REQUIREMENTS INTRODUCTION AND BACKGROUND... 3 1. SUMMARY... 3 2. DEFINITIONS... 3 3.
More informationAcceptable Encryption Usage for UTHSC
This document explains the acceptable use of encryption for the UTHSC system. It includes: acceptable encryption software, techniques, algorithms and instructions. Encryption methods and software are arranged
More informationWhy Endpoint Encryption Can Fail to Deliver
Endpoint Data Encryption That Actually Works The Essentials Series Why Endpoint Encryption Can Fail to Deliver sponsored by W hy Endpoint Encryption Can Fail to Deliver... 1 Tr aditional Solutions... 1
More informationAdministering and Maintaining Windows 7 Course 50292C; 5 Days, Instructor-led
Administering and Maintaining Windows 7 Course 50292C; 5 Days, Instructor-led Course Description This five-day instructor-led course provides students with the knowledge and skills to successfully administer,
More informationBackups. Backup Plan. How to use the Backup utility to back up files and folders in Windows XP Home Edition
Backups Backups are your insurance against data loss. Most organizations have an Information Technology Department (IT) which may be responsible for backing up organizational data and that is handled well
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More information'Namgis Information Technology Policies
'Namgis Information Technology Policies Summary August 8th 2011 Government Security Policies CONFIDENTIAL Page 2 of 17 Contents... 5 Architecture Policy... 5 Backup Policy... 6 Data Policy... 7 Data Classification
More informationMobile Device Security
Mobile Device Security Dr. Charles J. Antonelli Information Technology Security Services School of Information The University of Michigan June 11,2009 Why we re here Discuss best practices in safe use
More informationFor your eyes only - Encryption and DLP Erkko Skantz
For your eyes only - Encryption and DLP Erkko Skantz Symantec Finland 1 USER PRODUCTIVITY INFORMATION MANAGEMENT DATA CENTER SECURITY 2 Focus on information 3 Today's System-Centric Enterprise Data Center
More informationManaging Applications, Services, Folders, and Libraries
Lesson 4 Managing Applications, Services, Folders, and Libraries Learning Objectives Students will learn to: Understand Local versus Network Applications Remove or Uninstall an Application Understand Group
More informationCourse Outline. ttttttt
1300 86 87246 1300 TO TRAIN 50292 - Administering and Maintaining General Description This five-day instructor-led course provides students with the knowledge and skills to successfully administer, maintain,
More informationPage 1. Copyright 2009. MFA - Moody, Famiglietti & Andronico, LLP. All Rights Reserved.
Page 1 Page 2 Page 3 Agenda Defining the Massachusetts Personal Data Security Law Becoming Compliant Page 4 Massachusetts Privacy Law Defining the Massachusetts Personal Data Security Law - 201 CMR 17.00
More informationFor Managing Central Deployment, Policy Management, Hot Revocation, Audit Facilities, and Safe Central Recovery.
Investment and Governance Division 614.995.9928 tel Ted Strickland, Governor 30 East Broad Street, 39 th Floor 614.644.9152 fax R. Steve Edmonson, Director / State Chief Information Officer Columbus, Ohio
More informationProtection of Computer Data and Software
April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal
More informationStoring and securing your data
Storing and securing your data Research Data Management Support Services UK Data Service University of Essex April 2014 Overview Looking after research data for the longer-term and protecting them from
More informationStorage, backup, transfer, encryption of data
Storage, backup, transfer, encryption of data Veerle Van den Eynden UK Data Archive Looking after your research data: practical data management for research projects 5 May 2015 Overview Looking after research
More informationCourse: Information Security Management in e-governance
Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security
More informationName: Position held: Company Name: Is your organisation ISO27001 accredited:
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
More informationYOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION.
YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege. Defend it with Encryption. 1.0 Keeping up with the
More informationNetwork Security for End Users in Health Care
Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information
More informationGoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey
GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With
More informationHarbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008
Document version: 2.8 Issued to: Harbinger Escrow Services Issued by: Harbinger Group Pty Limited Delivered on: 18 March 2008 Harbinger Group Pty Limited, Commercial in Confidence Table of Contents 1 Introduction...
More informationOther terms are defined in the Providence Privacy and Security Glossary
Subject: Device and Media Controls Department: Enterprise Security Executive Sponsor: EVP/COO Approved by: Rod Hochman, MD - President/CEO Policy Number: New Date: Revised 10/11/2013 Reviewed Policy Owner:
More informationEndpoint & Media Encryption
Endpoint & Media Encryption Bill Kyrouz, Senior Applications Manager Bingham McCutchen LLP ILTA Boston City Rep (CR) Tim Golden, Principal Architect Enterprise Architecture & IT Governance McGuireWoods
More informationA Websense White Paper Websense CloudMerge Ingestion Service
A Websense White Paper Websense CloudMerge Ingestion Service Table of Contents Introduction... 3 Legacy Data...... 3 Chain of Custody...... 3 Websense Data Import Process.... 4 Top Nine Things to Know
More informationInformation Security Policy
Information Security Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED
More informationINFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies
INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW
More informationSecure Storage. Lost Laptops
Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include
More informationFive Truths. About Enterprise Data Protection THE BEST WAY TO SECURE YOUR DATA AND YOUR BUSINESS DEFENDING THE DATA CMYK 100 68 0 12
Five Truths About Enterprise Data Protection THE BEST WAY TO SECURE YOUR DATA AND YOUR BUSINESS DEFENDING THE DATA CMYK 100 68 0 12 1. Business data is everywhere and it s on the move. Data has always
More informationHands-On How-To Computer Forensics Training
j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationCongregation Data Security Education
Congregation Data Security Education Data Security Risks Incoming and Outgoing Internet Traffic Remote Access Outbound Email Improperly Discarded Paper Portable Media Devices (i.e. laptops, flash drives,
More informationIntroduction to Windows 7 Feature Practice Examination (brought to you by RMRoberts.com)
Introduction to Windows 7 Feature Practice Examination (brought to you by RMRoberts.com) This practice examination consists of questions based on the most common Windows 7 features. As a professional,
More informationIntroduction to BitLocker FVE
Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk
More informationHow To Use Truecrypt For Free On A Pc Or Mac Or Mac (For A Laptop) For A Long Time (For Free) For Your Computer Or Ipad Or Ipa (For Mac) For Free (For Your Computer) For Long
Advanced Open-Source /Free Solutions for Home and Small Business Owners Robert Baldi, CISSP- ISSEP TOPICS Encryption Backups Audits Wireless Security Network Security Open Source Goodness ENCRYPTION Encryption
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationHIPAA Training for Hospice Staff and Volunteers
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationYiwo Tech Development Co., Ltd. EaseUS Todo Backup. Reliable Backup & Recovery Solution. EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1
EaseUS Todo Backup Reliable Backup & Recovery Solution EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1 Part 1 Overview EaseUS Todo Backup Solution Guide. All Rights Reserved Page 2 Introduction
More informationPGP Proof of Concept Completion Checklist
Completion Checklist Updated as of November 7, 2008 Proof of Concept Start Date: September 23, 2008 Proof of Concept Completion Date: October 31, 2008 Proof of Concept Objectives Proof of Concept objectives
More informationCITY UNIVERSITY OF HONG KONG. Inventory and Ownership Standard
CITY UNIVERSITY OF HONG KONG Inventory and Ownership Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationFAQ. F-Secure Online Backup
F-Secure Online Backup Before installation... 3 Does the F Secure Online Backup program work if there are other online backup programs installed on my computer?... 4 Are two online backup programs better
More informationABERDARE COMMUNITY SCHOOL
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
More informationPGP Whole Disk Encryption Implementation
PGP Whole Disk Encryption Implementation Educause National Conference October 29, 2008 Gale Fritsche Tim Foley Lehigh University Library and Technology Services Lehigh Overview Founded in 1865. Private
More informationCOMPUTER SECURITY PRINCIPLES AND PRACTICES BY COREY@MARK5MINISTRIES.ORG
COMPUTER SECURITY PRINCIPLES AND PRACTICES BY COREY@MARK5MINISTRIES.ORG INTRODUCTION My Background Some questions for you Why computer security? Principle of Incarnation What this presentation covers (and
More informationFall. Forensic Examination of Encrypted Systems Matthew Postinger COSC 374
Fall 2011 Forensic Examination of Encrypted Systems Matthew Postinger COSC 374 Table of Contents Abstract... 3 File System Encryption... 3 Windows EFS... 3 Apple FileVault... 4 Full Disk Encryption...
More informationWhitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015
Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is
More informationUnderstanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization
Understanding Northwestern University s contract with Symantec Symantec Solutions for Cost Reduction & Optimization Chris Hagelin and Shane Scholes Symantec Account Manager and Symantec Sales Engineer
More informationImplementing and Supporting Microsoft Windows XP Professional
Implementing and Supporting Microsoft Windows XP Professional Key Data Course #: 2272C Number of Days: 5 Format: Instructor-led The purpose of this course is to address the implementation and desktop support
More informationTotal Backup Recovery 7
7 TM 7 Automat backup and restore management for all networked laptops & workstations from a centralized administrating console 7 Advanced Workstation assures that critical business information is well
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationBACKUP SECURITY GUIDELINE
Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect
More informationLecture 6: Operating Systems and Utility Programs
Lecture 6: Operating Systems and Utility Programs Chapter 8 Objectives Identify the types of system software Summarize the startup process on a personal computer Summarize the features of several stand-alone
More informationManaging BitLocker With SafeGuard Enterprise
Managing BitLocker With SafeGuard Enterprise How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker By Robert Zeh, Product Manager Full-disk encryption
More informationTotal Backup Recovery 7
7 7 Enhance business functionality and productivity with guaranteed protection from 7 Server 7 Server is a total backup and recovery solution for Windows. With support for all operating systems, 7 Server
More informationElectronic Data Retention and Preservation Policy 1
1 Purpose and Scope The purpose of this policy is to: Identify the types of College-related electronic information, including the location of the information; Identify what departments or individuals are
More informationSecure data storage. André Zúquete Security 1
Secure data storage André Zúquete Security 1 Problems (1/3) ( The classical file system protection is limited Physical protection assumptions Physical confinement of storage devices Logical protection
More informationDisaster Recovery Checklist Disaster Recovery Plan for <System One>
Disaster Recovery Plan for SYSTEM OVERVIEW PRODUCTION SERVER HOT SITE SERVER APPLICATIONS (Use bold for Hot Site) ASSOCIATED SERVERS KEY CONTACTS Hardware Vendor System Owners Database Owner
More informationTransparent Data Encryption: New Technologies and Best Practices for Database Encryption
Sponsored by Oracle : New Technologies and Best Practices for Database Encryption A SANS Whitepaper April 2010 Written by Tanya Baccam, SANS senior instructor and course author for SEC509: Oracle Database
More informationEnd User Encryption Key Protection Policy
End User Encryption Key Protection Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization.
More informationEnterprise Data Protection
PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION
More informationSeptember 28 2011. Tsawwassen First Nation Policy for Records and Information Management
Tsawwassen First Nation Policy for Records and Information Management September 28 2011 Tsawwassen First Nation Policy for Records and Information Management Table of Contents 1. RECORDS AND INFORMATION
More informationNETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.
NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More informationIntroduction to Cloud Services
Introduction to Cloud Services (brought to you by www.rmroberts.com) Cloud computing concept is not as new as you might think, and it has actually been around for many years, even before the term cloud
More information