Security Basics mailing list archives
Re: Secure Data Transfer Policy
From: simonis () myself com
Date: 24 Aug 2006 21:25:44 -0000
It seems to me you have a prerequisite policy to write. Your data transfer policy won't likely say that all data needs to be transfered securely, so you need to classify what type of data is in scope. To do so reasonably, you probably should start with a data classification policy which might define who is to classify data and what types of data are considered public/confidential/highly confidental/whatever/. Then, your data tranfer policy would be easily written such that, say, confidential data must be encrypted when sent to external parties using a secure channel (e.g., sFTP) while highly confidential data must be entity encrypted such that only the intended recipient can read (e.g., PGP or S/MIME). -ds --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Secure Data Transfer Policy ganglyone (Aug 24)
- <Possible follow-ups>
- Re: Secure Data Transfer Policy simonis (Aug 25)