The following is an example of an encryption plan to educate employees of a fictional company.
Memo
To: Tech World, Inc. Employees.
From: William Donaldson, Senior IT Lead
Date: 10/12/17
Re: Proposed Encryption Plan
1. Purpose-
The purpose of this proposed encryption plan is to outline the methods our company will use to encrypt its confidential data. Encryption is defined as the method of scrambling text into ciphertext to make it unreadable to users without proper authorization. Files, folders, USB drives, as well as entire disks within a computer can be encrypted. This is important due to the ever-increasing threat from hackers and careless employees and the drastic consequences that security breaches can have. Any data that could be used to identify an individual, group or company must be protected against unauthorized access during all stages of data storage, transfer, and input. This information is at risk in all situations, such as when it is transmitted across unsecured networks or memory devices, and even when it is stored on portable devices.
2. Summarized Encryption Plan-
a. Types of Computer Encryption-
1. Volume Encryption- We will create secure ‘containers’ to hold our valuable and sensitive files and folders.
2. Full-Disk/Whole-Disk Encryption- This is the most complete form of encryption. We will use this method to simply encrypt all files and folders on an entire disk.
b. Built-In Encryption Programs- Modern versions of the Windows, Linux, and OS X operating systems include built-in encryption tools, which we will use. Microsoft’s BitLocker tool is designed to work with a TPM (Trusted Platform Module) chip, which stores the disk encryption key. BitLocker issues and saves a recovery key, as well as requiring a PIN. As our company uses only Microsoft products, I will not elaborate on Apple’s FileVault encryption tool. However, those who use personal Apple computers will need to have this enabled and properly configured. We will also discuss forbidding the use of private devices, as this can cause problems.
c. Third-Party Encryption Programs- While there are built-in encryption programs in the operating systems we use, after we discuss which encryption plan our company will choose based on this memo, we might end up going with a third-party encryption plan. There are numerous programs we can choose from, such as VeraCrypt, DiskCryptor, and TrueCrypt. When it comes down to which program works the best, the deciding factors involve what we need to decrypt, the type and sensitivity of the information that needs decrypting, as well as the performance of the program we choose.
3. Tips for Proceeding with Encryption-
a. Before enabling encryption on a computer, all files should be backed up.
b. Additionally, the operating system’s installation media should be kept secure, as well as the emergency boot disk. This can be held on removable media.
c. After encryption is in place, regular computer backups should be performed, because if an encrypted computer crashes or becomes corrupted, the affected files can be lost forever.
d. There should be advanced requirements for choosing PINs and passcodes. Requiring a combination of letters, special characters, and numbers is recommended; the more complex, the better. Also, these passwords should be changed at regular short intervals to further advance security.
e. Using a VPN (Virtual Private Network) to access the network remotely creates a secure tunnel, thus encrypting the data that is being sent or received.