Educause Security Discussion mailing list archives
Re: Data Encryption Policies
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Tue, 6 May 2003 17:39:06 -0500
Essentially, we have a policy that states that credit card numbers may not be stored on any IU server at all. Departments are use our central processing mechanism (Cybercash before, but I think Infinet now). There have been a couple of exemptions to that, where the card numbers are in fact encrypted and only stored for a short period of time. M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Sallie F Wright/cis/evp/Okstate [mailto:wsallie () OKSTATE EDU] Sent: Tuesday, May 06, 2003 3:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Data Encryption Policies Does anyone have a data policy for storing ssn and credit card numbers encrypted? Sallie Fulsom Wright CIS Information Technology System Security Officer 405 744-2752 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Data Encryption Policies Sallie F Wright/cis/evp/Okstate (May 06)
- <Possible follow-ups>
- Re: Data Encryption Policies Bruhn, Mark S. (May 06)
- Re: Data Encryption Policies Brian Reilly (May 07)
- Re: Data Encryption Policies Theresa M Rowe (May 07)