Re: Encryption of exam papers

[John Ladwig <John.Ladwig () SO MNSCU EDU>]

Do Microsoft's Office products offer any paw word-quality controls on their AES-256 encryption?  Last time I looked, it 
didn't appear there were any.  Which isn't to say they aren't there (now).

    -jml

--
Sent from my iPhone. This message is a co-production with Autocorrect.


On 13 Jan 2014, at 14:44, "randy" <marchany () VT EDU<mailto:marchany () VT EDU>> wrote:

There's one very important thing that's missing from this discussion. Everyone has considered having a robust 
authentication system, way to restrict # of downloads, encryption of the files in transit.

No one has mentioned encrypting the file at rest. A lot of times data owners aren't diligent in WHO can access their 
cloud folder/box. We've seen students get access to the equivalent of world-readable folders. :-) For this reason, I 
feel file-level encryption is critical.  I'd like to suggest a couple of straightforward solutions to this part of the 
problem:

1. Microsoft Office 2007 and newer actually do real-person file encryption. It's symmetric - you pick a password to 
encrypt the file. It's AES 256 bit.
2. PDF/Adobe 10 or newer has an encryption feature that again actually does real-person encryption as well. It can be 
symmetric or certificate based.

Of course, you can get PGP-style solutions.
Just a thought......

-Randy Marchany
VA Tech IT Security Office & Lab


On Mon, Jan 13, 2014 at 10:42 AM, Semmens, Theresa <theresa.semmens () ndsu edu<mailto:theresa.semmens () ndsu edu>> 
wrote:
Kees,

At your institution, who is using the product?  Is it just for exam papers, or do you use it for anything other 
protected data?

Theresa

Theresa Semmens, CISA
NDSU Chief IT Security Officer
Office: 210D IACC
Mail: NDSU Dept 4500
PO Box 6050
Fargo, ND 58108-6050
P: 701-231-5870<tel:701-231-5870>
F: 701-231-8541<tel:701-231-8541>
E: Theresa.Semmens () ndsu edu<mailto:Theresa.Semmens () ndsu edu>
www.ndsu.edu/its/security<http://www.ndsu.edu/its/security>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Kees Leune
Sent: Monday, January 13, 2014 7:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Encryption of exam papers

We recently deployed FileSender, a Free Open Source Project sponsored by many of the European REN's. See 
https://www.assembla.com/spaces/file_sender/wiki for more detail.

Dr. Kees Leune
Information Security Officer
Adelphi University
Garden City, NY
+1 (516) 877-3936<tel:%2B1%20%28516%29%20877-3936>

On Mon, Jan 13, 2014 at 4:48 AM, Eoin Dunne <eoin.dunne () dit ie<mailto:eoin.dunne () dit ie>> wrote:
Hello Everyone,

I’m trying to find some best practices for securely distributing exam papers between Faculty and the Exams office. 
While the academics’ laptops are encrypted, it’s the unsecure circulation that creates a risk and I was wondering what 
approaches were being taken elsewhere.

Many thanks for all your help,

Eoin.

--
Eoin Dunne
IT Compliance Officer,
Information Services Department,
Dublin Institute of Technology,
143 Lower Rathmines Road, Dublin 6, Ireland.
• +353-1-402 3453 (direct line)
• eoin.dunne () dit ie<mailto:eoin.dunne () dit ie>
i www.dit.ie<http://www.dit.ie/>