Handling Encryption and Encrypted Data
With all the consideration that has to be placed on using encryption, there is the tendency to try to write specific policies as to how to handle encrypted data. However, here is one area where you have to remember that the policies are supposed to be guidelines and that the specifics are to be left to the procedures.
Policies covering when to encrypt data are something that can be left to procedures. The purpose of policies in this area is to provide some guidance as to how to create those procedures. While considering this problem, one organization I worked with decided that data would be classified based on storage or transmission requirements. After a lengthy discussion, we decided that rather than ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
