Educause Security Discussion mailing list archives
Re: Email Encryption
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Mon, 25 Jul 2011 15:16:26 -0400
On 07/25/2011 02:52 PM, Kevin Casey wrote:
We've been encouraged by an outside security firm to encrypt every blessed note that passes through our Exchange server. This firm deals largely with entities such as banks, and I'm wondering if this is over-kill in the context of higher ed. Any thoughts regarding "best practices" on this?
We run a filter on our mail exchange that bounces messages containing "sensitive information", like SSN or PCI, back to the sender with a note telling them to encrypt or find another avenue. It seems like a good compromise, with a bit of user training thrown in. -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- Email Encryption Kevin Casey (Jul 25)
- Re: Email Encryption David Curry (Jul 25)
- Re: Email Encryption David C Kovarik (Jul 25)
- Re: Email Encryption McClenon, Braden (Jul 25)
- Re: Email Encryption Russ Leathe (Jul 25)
- Re: Email Encryption Matthew Gracie (Jul 25)
- Re: Email Encryption Lang, Matthew (Jul 25)
- Re: Email Encryption Valdis Kletnieks (Jul 25)
- Re: Email Encryption Tim Doty (Jul 25)
- Re: Email Encryption Valdis Kletnieks (Jul 25)
- Re: Email Encryption Jones, Dan (Jul 25)
- Re: Email Encryption Richard Applebee (Jul 25)
- Re: Email Encryption SCHALIP, MICHAEL (Jul 25)
- Re: Email Encryption David Opitz (Jul 25)
- <Possible follow-ups>
- Re: Email Encryption Joe St Sauver (Jul 25)
- Email Encryption Dunker, Mary (Jul 26)
- Re: Email Encryption SCHALIP, MICHAEL (Jul 26)
- Re: Email Encryption David Curry (Jul 25)