RE: Encryption and Data Retention



Well the same argument have been said about backup systems and people have found workaround for that. Just change the encryption methods when it gets outdated. That is a nonissue if you ask me, I would worry more over the backup system then the encryption (it was a long time since Caesar used his cipher but you can still decrypt messages made with that encryption today). But that is only my opinion.

Mattias

From: s0h0us [mailto:s0h0us@xxxxxxxxx]
Sent: den 5 augusti 2009 13:13
To: Mattias Baecklund; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Encryption and Data Retention

The argument here (made by the BCO) is that since the information needs to be stored permanently, any encryption methods used today may not be available 15-20 yrs from now, making it difficult to retrieve then.

________________________________________
From: Mattias Baecklund <mattias.baecklund@xxxxxxxxxxxx>
To: "s0h0us@xxxxxxxxx" <s0h0us@xxxxxxxxx>; "security-basics@xxxxxxxxxxxxxxxxx" <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Wednesday, August 5, 2009 3:35:08 AM
Subject: RE: Encryption and Data Retention

The overhead in time to decrypt is negligible if you ask me.

Mattias

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of s0h0us@xxxxxxxxx
Sent: den 3 augusti 2009 20:01
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Encryption and Data Retention

Hi List,
I'd like your hear your comments regarding the subject of data
encryption and data retention.
We are required to keep confidential information for a certain period
of time, in some cases, for many years. This information is transported
(physically by courier) offsite to a "disaster recovery" office. This
data isn't encrypted. The Business Continuity Officer calims that in
the event of a disaster or business disruption, this information needs
to be access very quickly so that transactions can resume and minimize
business downtime. My position is that any information that leaves the
building needs to be encrypted, and that the likelihood of a disaster
is low compared to that of unauthorized information disclosure in the
event something happens in transit..
I appreciate in advance your experiences and thoughts in this matter.

Thank you!

-----------------------------------------------------------------------
-
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your
company and how your customers can tell if a site is secure. You will
find out how to test, purchase, install and use a thawte Digital
Certificate on your Apache web server. Throughout, best practices for
set-up are highlighted to help you ensure efficient ongoing management
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be44
2f727d1
-----------------------------------------------------------------------
-

------------------------------------------------------------------------------

CONFIDENTIALITY AND DISCLAIMER NOTICE

This e-mail, including any attachments, is confidential and intended only for
the addressee. If you are not the intended recipient, please notify us
immediately and delete this e-mail from your system. Any use or disclosure of
the information contained herein is strictly prohibited.

------------------------------------------------------------------------------

CONFIDENTIALITY AND DISCLAIMER NOTICE

This e-mail, including any attachments, is confidential and intended only for
the addressee. If you are not the intended recipient, please notify us
immediately and delete this e-mail from your system. Any use or disclosure of
the information contained herein is strictly prohibited.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Encryption and Data Retention
    ... the level of confidentiality of the data will very much influence the ... Any moving of the data should be preceded by an encryption, ... When a real disaster happens (which luckily ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • RE: Encryption and Data Retention
    ... Subject: Encryption and Data Retention ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: Basic question about RSA
    ... become more value laden such that encryption is used to ... Same process, different intent. ... confidentiality is often a little different (or even a lot ... Then devise an enhancement and repeat the ...
    (sci.crypt)
  • Re: Data Encryption on TurboImage/MPE
    ... First you need to know what the confidentiality parameters of the data ... What is the cost of loss of confidentiality? ... How do you secure the encryption keys from unauthorized access? ... How do you recover? ...
    (comp.sys.hp.mpe)
  • Re: why the encrypted msg is not transmitted over secure channel?
    ... of obtaining confidentiality than encryption. ... with neither the courier nor her opaque briefcase nor ... term "secure channel" that I'm familiar with requires both integrity ...
    (sci.crypt)