Educause Security Discussion mailing list archives

[no subject]


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Mon, 17 Dec 2007 12:15:22 -0500

Hi All:



I am having a bit of a tussle with a faculty member who is on one of the
committees that already approved UC having a Full Disk Encryption Policy.  I
won't overload you with the verbose emails that have gone back and forth but
it seems that his concern is summed up in that he doesn't want a policy for
this as that makes it mandatory and he is making some grandiose blanket
statements about the impact to faculty if we have a Full Disk Encryption
policy in place. (see below)   The policy basically says:  all PCs that
store restricted data (FERPA, HIPAA, GLB, PCI) will be encrypted with PGP's
full disk encryption software at no cost to the individual or department.
This software will be supported, as needed, by Central IT.





Hi Kevin

Encouraging FDE (full disk encryption) is fine.  Mandating it - is not.

Regarding your comment that "My profession is all about Risk mgt and
mitigation".
That is the trouble with the policy.  Faculty teach, do research, etc. The
policy needs to strike a balance. In years past, we had similar discussions
about libraries.  To protect the books, libraries should simply close their
doors. A balance needs to be found.

The goal of the policy should be to assist professors to follow the law
while they do their job.







Here's my question:  I have talked about how transparent the tool is, my
team and I have used it for about 6 months now;  I have talked about how as
an adjunct I found it easy to use, and I have talked about how this IS a
tool that allows faculty to do their job and to safeguard information at the
same time.   I have also offered to let him try the tool and he has not
taken me up on that.  The net result I have had is nil.



Have any of you had success with a technique to overcome this type of
obstacle?   I have no doubt that the policy will be approved and moved
forward but I would also like to get this very vocal faculty member's
support if possible.



Thanks,



-Kevin







Kevin L. McLaughlin

CISM, CISSP, PMP, ITIL Master Certified

Director, Information Security

University of Cincinnati

513-556-9177 (w)

513-703-3211 (m)

513-558-ISEC (department)




