Encryption

Because the university will begin requiring that restricted data be stored only on network drives (see the Data Storage Initiative), we recognize that there will be cases in which the storage of restricted data on non-network drives, including office desktop computers and mobile devices, cannot be prevented. When storage of restricted data on non-network drives is permitted, encryption will be required. The purpose of this initiative is:

  1. To establish a process for approving the storage of encrypted restricted data on non-network drives
  2. To develop guidelines for the management and distribution of encryption technology by IITS

How will this change affect me?

Approval for storage of encrypted sensitive data on non-network drives
In order for restricted data to be stored on non-network drives, there must be a documented business or technical justification, an assessment of all risk, and approval of the university president. A formal process for achieving approval will be developed.

Management and distribution of encryption technology
When storage of restricted data on non-network drives is approved, encryption will be required as a control.

Encryption is a method of making data unreadable to unauthorized individuals. To be effective, encryption technology will be centrally managed and distributed by IITS.

Encryption is useful in protecting data because access to the data is limited to those who have access to an “encryption key,” which transforms the data into and out of an unreadable form. In general, encryption is not beneficial if too many people have access to the encryption key; conversely, encryption is not beneficial if only one person has access to the encryption key.

Not all encryption technology is the same, so minimum standards have been established and will be maintained by IITS to ensure that encryption technology approved for use provides effective protection of data.

Encryption is not a sufficient safeguard for permitting university data on personal devices.

When will this change happen?

First, the university must complete the data classification as described in the Data Classification and Risk Assessment Initiative. Once restricted data is identified, the Data Storage Initiative will take effect, as the sensitivity of data will influence data storage decisions, and encryption may be adopted for protection of sensitive data stored on non-network devices.

Who can I contact with questions or concerns?

Contact information for the Information Security Office is listed to the right.

Last updated: August 27, 2009