Re: Email Encryption

[Richard Applebee <rapplebee () WESTERNU EDU>]

You also have to keep in mind legal discovery issues.

Richard Applebee
Network Architect
V (909) 469-5662
F (909) 706-3460
Western University of Health Sciences

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jones, 
Dan
Sent: Monday, July 25, 2011 12:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email Encryption

Kevin,

I could see doing this in the case of a teaching hospital that passes lots of PHI via the mail system, or a research 
institution that is doing a lot of DOD work. However if the information being protected does not rise to this level, 
the expense of encrypting all email traffic is most likely not justified.

Dan Jones
CISO
UMass Medical School

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin 
Casey
Sent: Monday, July 25, 2011 2:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Email Encryption

We've been encouraged by an outside security firm to encrypt every blessed note that passes through our Exchange 
server.  This firm deals largely with entities such as banks, and I'm wondering if this is over-kill in the context of 
higher ed.

Any thoughts regarding "best practices" on this?

Thanks,

Kevin

__________________________________________
Kevin Casey
Executive Director
Information Resources
Phone:  (207) 941-7123
Fax:  (207) 941-7988
caseyk () husson edu<mailto:caseyk () husson edu>




 Husson University

 www.husson.edu<http://www.husson.edu/>