• About Us
• Services
• Labs & Facilities
• Help & Instruction
• Policies, Procedures & Standards
• Search
  CCC site only
  All WPI IT sites
  
• CCC Home
• Quick Links
  • Helpdesk
  • Software Instruction
  • Network Operations
  • Telecommunications
  • Web Information System

Archive - Guidelines for Encryption of Sensitive Information

Purpose

The purpose is to reduce the risk of a data exposure attributed to a WPI breach.

Background

Encrypting sensitive information increases overall information security, mitigates some financial risk and meets compliance guidelines for state and federal regulations. By reducing the risk of a breach we reduce an individual’s risk of data exposure which could expose one to identify theft. WPI’s financial risk is also reduced by not having security breaches which could result in adverse negative publicity, adversely impact WPI’s competitive advantage, and break non-disclosure & other legal agreements.

Data encryption has become a standard by the Commonwealth of Massachusetts Consumer and Business Regulation Division to protect personally identifiable information.

NOTE: This is an interim guideline pending a more complete solution made available and deployed by the WPI Information Technology Division. Followers of this guideline should expect other additional solutions will be made available.

Scope

The scope includes portable devices storing sensitive information. Portable devices include, but are not limited to, the following equipment.

• Laptops and other portable computers
• Desktops located off-campus
• Computers accessed by multiple people
• Computers lcoated in unsecured locations
• CDs, DVDs, and USB storage

Guidelines

• Computers/Systems
  WPI provides systems on the Administrative domain that can be used to encrypt specific directories and limit access to just that specific user on a system. This capability should be applied on high-risk systems like those that routinely leave the main campus, systems which have multiple users and computers in unsecured locations or large multi-person offices.
• Data Storage
  Users who have or handle sensitive information should utilize a personal encrypted drive to store sensitive data. WPI supports TrueCrypt, an open-source solution. Encrypted containers using this software can reside on CD-ROMs, DVDs, and USB storage devices as well as on hard drives themselves. This is the recommended way of storing data in portable media for transport.

Questions and Help

For assistance, contact the Information Security Office at itsecurity@wpi.edu.

Revision:

December 2, 2008: The Information Technology Division endorsed this standard.

Maintained by itweb
Last modified: Oct 13, 2009, 20:48 UTC

Computing and Communications Center - Worcester Polytechnic Institute
100 Institute Road, Worcester, MA 01609-2280
Phone: +1-508-831-5136 - Fax: +1-508-831-5483 - itweb