Business continuity in the event of a disaster, such as the endangerment of data access (loss of key personnel or passwords) for a University-owned computing device, is a serious concern, as is the possibility that a Yale-owned computing device could use encryption to hide illegal activities. To support preservation of access to important data, the University has developed recommendations for data recovery (salvaging data stored on damaged media, such as magnetic disks and tapes) of encrypted persistent data (information that endures beyond a single instance of use). These encryption implementation guidelines, including endorsed software and procedures, will be updated as technical solutions and University requirements change. (See Policy 1607 Information Technology Appropriate Use Policy, section 1607.2 Conditions of University Access.)

A staff member may only encrypt with the permission of his or her supervisor. Users who have encrypted Yale data using methods other than those endorsed by the University are expected to decrypt this data upon request by a University official. Users encrypting information are required to use only the endorsed software and protocols. The University makes available software and protocols endorsed by the Information Security Office (“ISO”) that provide robust encryption, as well as the capability for properly designated University officials to decrypt the information, when required and authorized under Policy 1607.

Users of Moderate Risk and High Risk data, as defined by Yale Policy 1604 Data Classification Policy, are required to encrypt files, documents, and messages for protection against inadvertent or unauthorized disclosure while in storage or in transit over data networks, while other users are encouraged to use encryption where appropriate.