Educause Security Discussion mailing list archives
Re: Email Security Policies/Practices for Staff
From: Mark Poepping <poepping () CMU EDU>
Date: Sat, 2 Dec 2006 13:15:12 -0500
And regarding PKI technologies, experience, and deployments, I'd highly recommend the materials and discussions of the EduCause and Internet2 HEPKI efforts. A good place to start:

http://middleware.internet2.edu/hepki-tag/

The PKI implementers workshop on Monday at the I2 member meeting is an example of the kinds of stuff available.

http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2981&event=258

mark.

-----Original Message-----
From: Curt Wilson [mailto:curtw () SIU EDU]
Sent: Friday, December 01, 2006 5:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email Security Policies/Practices for Staff

We have made selective use of Mozilla Thunderbird + Enigmail plugin for GPG with good success. However, for a larger rollout such procedures have been deemed too complex by some portions of our university community. The users want something to be simple and easily managed, and of course it needs to be enterprise ready, scalable and inexpensive too!

Is anyone leveraging PKI for email encryption? The state of Illinois offers PKI resources that our campus is intending to leverage, first for electronic signature verification and then later for other security purposes. Even with the actual technical infrastructure being provided by an entity such as this, it's my basic understanding that managing a campus PKI is generally a full-time position, if not more.

I'm curious to hear your experiences with PKI on or off-list.

Thanks.

Curt Wilson
SIUC IT

Mike Wiseman wrote:

Hello,

I'm interested to find out if institutions are implementing policies/practices/services on using email with sensitive or confidential content. I'm thinking of staff working in HR, administration, financial, admissions, network operations, etc. who want to (or do) use email and need end-to-end security services to reduce exposure to forgery and information compromise. Services such as email authentication (digital signing via S/MIME or PGP) and/or encryption (S/MIME, encrypted archives, key storage).

The issue comes up occasionally and people like me give the usual 'don't do it - it's not secure' line. I'd like to look at recommending products and/or providing the services required.

Mike

Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237
GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc