Using Encryption Techniques

Encrypting or scrambling data to assure confidentiality and integrity.

To view the related Policy click      

  • Weak administration and procedures surrounding the all-important encryption keys can limit the effectiveness of this security measure.

  • Document all procedures carefully.
  • Keep public / private encryption keys safe.
  • Encrypted information may be secure, but it may also prove to be inaccessible, even to authorised persons, where keys are poorly managed.

  • The keys used to encrypt and decrypt must be held securely, but they must also be accessible when required. Introduce procedures which ensure the availability of the data when required by those so authorised.
  • Processor capacity (overhead)is used by the process of encryption and decryption. Lack of available capacity could lead to the data being effectively 'unavailable' when actually needed.

  • Only employ large scale encryption across entire systems where necessary.
  • Determine which information is classified as sensitive, and whether it needs to be transmitted over insecure networks, such as the Internet. See Classifying Information and Data.
  • Once the information has been encrypted, transmitted to its destination, and then decrypted, consider how the information should then be stored securely.
  • In some countries, it is illegal to use ciphers; or the type of permissible cipher may be strongly regulated. This could result in unintentionally breaking the law where encrypted data is sent to such a country.

  • Where necessary, seek legal opinion to confirm that the proposed encryption technique may be used between the organisations and countries in question.
Previous PageTop of this pageNext Page


Information Security Policies from US$595

 From
 US$595

Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word

 

Next PageUpPrevious Page