Educause Security Discussion mailing list archives
Re: Federal/State standards for data encryption via the WWW
From: Ken Shaurette <Ken.Shaurette () OMNITECHCORP COM>
Date: Tue, 15 Apr 2003 07:52:51 -0500
The perspective I would entertain is not so much whether there is a State or Federal law actually requiring encryption, but what case law will determine that the protection of any personally identifiable information on a student or staff member was inappropriate, protections on any confidential info. This goes beyond just encryption to other mitigating the risks of any vulnerabilities that might exist in the application, network, servers, firewalls, etc.... And are not diligently corrected.

Ken M. Shaurette CISSP, CISA, CISM, IAM
Information Security Solutions Manager
Omni Tech Corporation, www.omnitechcorp.com
(262) 523-3300 x486

-----Original Message-----
From: Nick Fischio [mailto:nsf2 () CWRU EDU]
Sent: Monday, April 14, 2003 4:34 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Federal/State standards for data encryption via the WWW

All,

I am a member of the IT staff at Case Western Reserve University and I am in the process of developing a proposal for utilizing SSL on several of our web applications to encrypt personal information (i.e. SSN, credit card #s, etc.). I am aware that a need exists to encrypt certain types of information while we transmit it via the WWW, however, I am not aware of any federal or state standards surrounding this issue.

Ideally, I am hoping to find a document detailing the type of information that warrants encryption, and also the level of encryption necessary. For example, does one need to encrypt an SSN at 40-bit or 128-bit prior to transmission over the internet?

Also, if anyone is aware of the legal implications, either at the state or federal level, I would appreciate some discussion surrounding this as well.

Thank you,
Nick Fischio

********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.