Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Product request - Enterprise whole disk encryption for laptops

From: Harold Winshel <winshel () CAMDEN RUTGERS EDU>
Date: Mon, 17 Jul 2006 22:42:03 -0400
I agree.  I don't recall seeing much in the way of specifics in terms
of exactly what kind of encryption passes muster.

My understanding is the same as yours, i.e., efs is sufficient.

Harold


At 09:14 AM 7/17/2006, Roger Safian wrote:

At 01:34 PM 7/15/2006, Harold Winshel put fingers to keyboard and wrote:
>There might be actually two different issues in terms of protection
>against a breach.
>
>One, what is required in terms of not having a reportable event.
>
>Two, what is required to give you the level of protection you seek
>against breach, regardless of reportable event standards.

Absolutely.  FWIW, if you're looking to be squirlly on the
notification, I haven't seen any of the privacy/notification
laws that really spell out what encryption is.  Those that mention
it, often give an out on notification if you are using encryption.

It would appear to me that EFS, with all it's problems, would
fit the definition and provide that out.  Personally I think it
would be nice to be able to examine the facts of the case and
make decisions based on them, instead of having our hands tied
legislatively.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"


Harold Winshel
Computing and Instructional Technologies
Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B36 Armitage Hall
Camden NJ 08102
(856) 225-6669 (O)
Previous By Date Next
Previous By Thread Next

Current thread: