November 2001
Intermediate to advanced
240 pages
6h 27m
English
With all the consideration that has to be placed on using encryption, there is the tendency to try to write specific policies as to how to handle encrypted data. However, here is one area where you have to remember that the policies are supposed to be guidelines and that the specifics are to be left to the procedures.
Policies covering when to encrypt data are something that can be left to procedures. The purpose of policies in this area is to provide some guidance as to how to create those procedures. While considering this problem, one organization I worked with decided that data would be classified based on storage or transmission requirements. After a lengthy discussion, we decided that rather than ...
Read now
Unlock full access