Managing Encryption
Even with the legal questions surrounding the use of encryption, it is a good tool to ensure the privacy of network communications. When developing your organization’s policies, you should start with the management responsibilities of using encryption. For example, some organizations will require that management approve the use of encryption. Management, in turn, will be responsible for certifying its use only after verifying any legal issues. This policy can be stated as follows:
Management shall approve all use of encryption within the organization. Prior to approval, management shall verify that its use complies with all applicable laws and regulations.
Compliance with laws and regulations can be limited to ensuring ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
