Re: Encryption and Data Retention



Hi S0h0us,

Let me start with: your description of how it happens and what exactly
the level of confidentiality of the data is will very much influence the
outcome of this story.


From reading your letter I see both your points; if the information is of
confidential level, security should be taking precedence over speed. It is like
saying "let's leave the front door of the house unlocked and open wide 24/7
so if there is a once in a lifetime fire, we can escape faster that way".

Any moving of the data should be preceded by encryption; it can be done
very simply and very fast (choose from fast protocols like AES, Twofish or
any other fast encryption).

When a real disaster happens (which luckily does not happen often) the
decryption of the data will happen simultaneously with rebuilding the
server / fixing the disaster: it should nearly not impact the
re-implementation speed (in most cases) of the data, like the claim of
your Business Continuity Officer was.

Conclusion: in this case (without further facts about the data, rescue
timeline, planning of disaster recovery) the lack of security on transported
(physically by courier) confidential data on a day-to-day basis should be outweighing
the single instance of a disaster with ease.

Jacco "Dash" Rorman
"Ad Astra per Administratio Aspera"

----- Original Message -----
From: <s0h0us@xxxxxxxxx>
To: <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Monday, August 03, 2009 1:00 PM
Subject: Encryption and Data Retention


Hi List,
I'd like to hear your comments regarding the subject of data encryption
and data retention.
We are required to keep confidential information for a certain period of
time, in some cases, for many years. This information is transported
(physically by courier) offsite to a "disaster recovery" office. This data
isn't encrypted. The Business Continuity Officer claims that in the event
of a disaster or business disruption, this information needs to be accessed
very quickly so that transactions can resume and minimize business
downtime. My position is that any information that leaves the building
needs to be encrypted, and that the likelihood of a disaster is low
compared to that of unauthorized information disclosure in the event
something happens in transit.
I appreciate in advance your experiences and thoughts in this matter.

Thank you!
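
The reply at the top of this thread recommends encrypting before the data is moved and decrypting while the server is being rebuilt. The sketch below is an added example, not part of either message: it streams a backup set through AES with the `openssl` command line and restores it as a stream, so decryption overlaps with extraction. It assumes OpenSSL 1.1.1 or later and `tar`; all file names are constructed, and because `openssl enc` in CBC mode does not authenticate the data, the ciphertext digest is meant to be recorded separately from the couriered media.

```shell
#!/bin/sh
# Added example; every file name below is constructed for illustration.

# seal_backup SRC_DIR OUT_FILE KEY_FILE
# Streams tar straight into AES-256-CBC (key derived from the key file with
# PBKDF2), so no plaintext archive is ever written to disk. Prints the SHA-256
# of the ciphertext; keep it apart from the media handed to the courier.
seal_backup() {
    tar -C "$1" -cf - . |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$3" -out "$2" || return 1
    openssl dgst -sha256 -r "$2" | cut -d' ' -f1
}

# restore_backup ENC_FILE DEST_DIR KEY_FILE EXPECTED_SHA256
# Refuses media whose digest does not match the recorded one, then decrypts
# and extracts in a single pipeline: tar unpacks while openssl is still decrypting.
restore_backup() {
    got=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
    [ "$got" = "$4" ] || { echo "digest mismatch, refusing to restore" >&2; return 1; }
    mkdir -p "$2"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" | tar -C "$2" -xf -
}

# Round trip on a constructed one-file record set.
demo() {
    work=$(mktemp -d) || return 1
    umask 077
    mkdir "$work/records"
    printf 'txn-0001,constructed sample record\n' > "$work/records/ledger.csv"
    openssl rand -hex 32 > "$work/backup.key"    # key stays on site and at the DR office
    digest=$(seal_backup "$work/records" "$work/offsite.tar.enc" "$work/backup.key") || return 1
    restore_backup "$work/offsite.tar.enc" "$work/restored" "$work/backup.key" "$digest" || return 1
    cmp -s "$work/records/ledger.csv" "$work/restored/ledger.csv"; rc=$?
    rm -rf "$work"
    return $rc
}

demo && echo "round trip OK"
```

The key file has to reach the recovery office by a different route than the media, otherwise the encryption adds nothing to transit security.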

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how to
test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


