Educause Security Discussion mailing list archives
Re: Email Security Policies/Practices for Staff
From: Curt Wilson <curtw () SIU EDU>
Date: Fri, 1 Dec 2006 16:41:04 -0600
We have made selective use of Mozilla Thunderbird + Enigmail plugin for GPG with good success. However, for a larger rollout such procedures have been deemed too complex by some portions of our university community. The users want something to be simple and easily managed, and of course it needs to be enterprise ready, scalable and inexpensive too! Is anyone leveraging PKI for email encryption? The state of Illinois offers PKI resources that our campus is intending to leverage, first for electronic signature verification and then later for other security purposes. Even with the actual technical infrastructure being provided by an entity such as this, it's my basic understanding that managing a campus PKI is generally a full-time position, if not more. I'm curious to hear your experiences with PKI on or off-list. Thanks. Curt Wilson SIUC IT Mike Wiseman wrote:
Hello, I'm interested to find out if institutions are implementing policies/practices/services on using email with sensitive or confidential content. I'm thinking of staff working in HR, administration, financial, admissions, network operations, etc. who want to (or do) use email and need end-to-end security services to reduce exposure to forgery and information compromise. Services such as email authentication (digital signing via S/MIME or PGP) and/or encryption (S/MIME, encrypted archives, key storage). The issue comes up occasionally and people like me give the usual 'don't do it - it's not secure' line. I'd like to look at recommending products and/or providing the services required. Mike Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto
-- Curt Wilson IT Network Security Officer Southern Illinois University Carbondale 618-453-6237 GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc
Current thread:
- Email Security Policies/Practices for Staff Mike Wiseman (Nov 28)
- <Possible follow-ups>
- Re: Email Security Policies/Practices for Staff Jeff Giacobbe (Nov 28)
- Re: Email Security Policies/Practices for Staff Brian Epstein (Nov 28)
- Re: Email Security Policies/Practices for Staff Paul Russell (Nov 28)
- Re: Email Security Policies/Practices for Staff Curt Wilson (Dec 01)
- Re: Email Security Policies/Practices for Staff Mark Poepping (Dec 02)