
Encryption Policy

Purpose:

Encryption used to protect critical business information must be in accordance with Worcester State cryptographic standards and practices.

 

 

Statement:

Encryption will be used to greatly increase the level of effort and difficulty for unauthorized users to gain access to sensitive or confidential data.

 

 

 

Description:

 

  • Enterprise information may not be encrypted by anything other than Worcester State approved encryption algorithms and supporting processes.
  • Users must verify that encrypted information can be decrypted before deleting the original, clear text data. Data recovery encryption key escrow must be performed in accordance with processes approved by the Data Security Officer.
  • Users are strongly encouraged to store private and/or highly sensitive data in an approved Worcester State College enterprise database. Private and/or highly sensitive data must be encrypted if it does not reside in an approved Worcester State College enterprise database. Data encryption must occur in real time.
  • Users are encouraged to store encrypted volumes on a secure network location.
  • Key size shall not be less than the minimum standard established by Information Technologies.

 

 

 

Additional Information:

  • BitLocker is free and included with Vista and Windows 7.
  • BitLocker is easy to use, integrates with ADS, and uses the current WSC Network password schema already in place (NB: there is no need for a separate password). BitLocker enables IT to reset the encryption password as needed with no data loss.
  • Full disk encryption must be installed and configured by IT.
  • BitLocker would require that computers be upgradeable to Vista/Windows 7. IT is ready to make this move on the designated units. If a unit cannot be upgraded to Vista, IT will use TrueCrypt.
  • TrueCrypt is not integrated with ADS; users are obligated to remember their disk encryption password. If a TrueCrypt password is lost, the unit will be reimaged. To avoid this, users are encouraged to escrow their encryption password with IT.

 

 

Approved By: Don Vescio

 

 

Date of Origination: 5/9/2008

 

Last Review: 6/29/2010

 

Last modified at 6/29/2010 9:16 AM  by Vescio, Donald