Re: Secure Data Transfer Policy
- From: simonis@xxxxxxxxxx
- Date: 24 Aug 2006 21:25:44 -0000
It seems to me you have a prerequisite policy to write. Your data transfer policy won't likely say that all data needs to be transfered securely, so you need to classify what type of data is in scope. To do so reasonably, you probably should start with a data classification policy which might define who is to classify data and what types of data are considered public/confidential/highly confidental/whatever/.
Then, your data tranfer policy would be easily written such that, say, confidential data must be encrypted when sent to external parties using a secure channel (e.g., sFTP) while highly confidential data must be entity encrypted such that only the intended recipient can read (e.g., PGP or S/MIME).
-ds
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Prev by Date: RE: Interview Questions
- Next by Date: RE: Interview Questions
- Previous by thread: Secure Data Transfer Policy
- Next by thread: Envelope in email delivery.
- Index(es):
Relevant Pages
|
|
