Re: centralized storage of sensitive data

[Theresa Semmens <Theresa.Semmens () NDSU EDU>]

Your request is bit confusing - are you looking for solutions to encrypt
just the storage (resting data), or the transference of data, or both?  If
it is both, you are wanting to discuss different solutions for different
issues. Will you be encrypting e-mail as well? What about the workstations
where the data will be manipulated - will they be considered in the
protection of sensitive data?   

Do you have a policy and procedure in place that will provide oversight and
governance for this project?  Without policy and procedure, you will run
into a lot of problems. This must be your first step in protecting data.

I have to question if you are considering all of the situations and issues
for confidential data protection. 

Theresa Semmens, CISA
Chief IT Security Officer
North Dakota State University
IACC 210D
PO Box 6050
Fargo, ND 58108
Phone: 701-231-5870
Fax: 701-231-8541
Theresa.Semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and
looks like work."  Thomas Edison 


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of reflect ocean
Sent: Wednesday, July 01, 2009 9:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] centralized storage of sensitive data

We are planning to implement a solution to storage sensitive data
which must include encryption and auditory of each access.Storage of
information should be centralized and transfer of data across network
also should be encryted.
I've reviewed some solutions from McAfee and Sophos.If anyone has any
recommendation or any other consideration to implement , please let me
know.

Thanks