Educause Security Discussion mailing list archives
Re: Laptop encryption- Follow-up
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Tue, 16 Nov 2010 10:21:00 -0700
When we deployed full disk encryption, the distinction we made was whether or not the laptop was for class-room only use or administrative use. Thus, we didn't encrypt check out laptops, laptop ovens used in a class, etc. All faculty laptops were encrypted, as were all staff laptops. In the first few years of our deployment, we frequently received feedback from staff and faculty that they should be exempt since they did not have confidential data on their laptops. For us, it was hard to see how staff and faculty could selectively avoid working on confidential data so we made the decision to generally limit exceptions to the rule. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Office Pima Community College Office: 520-206-4873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On 11/16/10 9:59 AM, "Patria, Patricia" <PPatria () BENTLEY EDU> wrote:
For those that responded to the encryption thread noting that you are using Whole Disk Encryption for portable devices, would you mind sharing which group this applies to? Is it just your staff members? Or faculty as well? We are in the process of rolling out Bitlocker whole disk encryption to all staff with laptops, but are planning to allow faculty to opt out of Bitlocker if they sign a waiver stating that they do not store sensitive data on their laptop per our Data Classification Policy. Is anyone doing something similar? From a breach standpoint, if the individual signs a waiver and states that they do not have any sensitive information on their computer, do you employ other controls like Identity Finder or DLP software to ensure that is the case? Or is their signed waiver enough? Any feedback, or examples of how you address lost/stolen devices from a breach standpoint, is appreciated. Thank you. Patty Patty Patria Bentley University
Current thread:
- Re: Laptop encryption experiences, (continued)
- Re: Laptop encryption experiences Mclaughlin, Kevin (mclaugkl) (Nov 16)
- Re: Laptop encryption experiences randy marchany (Nov 16)
- Re: Laptop encryption experiences Joel Rosenblatt (Nov 16)
- Re: Laptop encryption experiences Allison F Dolan (Nov 16)
- Re: Laptop encryption experiences Rich Graves (Nov 16)
- Re: Laptop encryption experiences Sherry Callahan (Nov 17)
- Database Encryption for HIPAA Patria, Patricia (Nov 18)
- Re: Laptop encryption experiences James Farr '05 (Nov 15)
- Re: Laptop encryption- Follow-up Basgen, Brian (Nov 16)
- Re: Laptop encryption- Follow-up James Farr '05 (Nov 16)
- Re: Laptop encryption- Follow-up Dave Koontz (Nov 16)
- Re: Laptop encryption- Follow-up SCHALIP, MICHAEL (Nov 16)
- Re: Laptop encryption- Follow-up randy marchany (Nov 17)