Encryption from a Management Perspective
Thursday, January 3, 2008
Posted by: Christine Leja, CDP
Data security has risen as a key issue for the Information Technology industry. Security breaches reach the news all too frequently. What management processes are needed to protect Personal Identity Information (PII) and corporate and institutional data?
The white paper, "A Management Perspective of Encryption Today," written by the AITP Research and Strategy Advisory Group (RASAG), highlights the state of encryption today and identifies "best practices" rather than analyzing algorithms. Encryption is viewed as a deterrent to PII and corporate theft, and many states have offered a "safe haven" from public disclosure if encryption is used. So how is data protected as it moves from a secured network server to a laptop, USB drive or smartphone? How will mobile workers keep data protected?
Encryption began its industry growth in the 1990s. Only recently have encryption and security processes moved to the forefront of thinking in the IT systems and services life cycle. This white paper collects best practices learned from vendor interviews and IT management processes to formulate a living outline of best practices. At this time, there is little literature focused on security and encryption processes that are embedded in the work environment. Encryption products abound, but it is the IT industry that has begun to look deeply into its IT management processes to establish sound security and encryption processes that permeate the whole business process. Implementing best practices and following a continual quality improvement process will better data security in all its "data states" and press vendors to produce products and services that keep our data safe.
AITP RASAG extends a challenge to the AITP members to press vendors for forward-thinking products and services. The Internet industry can remain vibrant and growing with a channel of communication and a continual improvement in quality processes that leaves the "bad hats" outdated and the "good hats" in charge.
The white paper focuses on:
- Include security when developing or upgrading an application system
- Manage the physical environment from smartphones to computer rooms
- Secure transportation of data
- Secure static and dynamic data
- Build and maintain a security awareness program for customers and employees
- Proactively manage policies and procedures
The research findings and recommendations are posted on the AITP web site at the AITP Research Projects page, and permission has been granted for personal and non-commercial use by any and all interested parties. AITP asks that, if any information from the white paper is used, AITP receive credit by pointing the reader to http://www.aitp.org/?page=ResearchProjects.
The mission of RASAG is to:
Research trends and directions in the IT industry, state the findings and conclusions drawn from the research, recommend AITP strategy positions, and reevaluate existing AITP strategy positions based on new findings.
AITP RASAG is seeking additional members. If you have CIO responsibilities and would be interested in participating, please contact Christine Leja, Chair of AITP RASAG, at Christine.firstname.lastname@example.org
AITP leaders and IT executives (from academia and industry, government and legal sectors) who contributed to this white paper and are members of RASAG include:
- Christine Leja, CCP, CIO at Southwestern Illinois College, Belleville, IL
- Richard C. Barnier, Partner/Chairman, Barnier Group, LLC, Glen Ellyn, IL
- Charles L. Brown, CCP, Manager of Integrated Justice Applications for the San Diego (CA) County Sheriff's Department
- Paul F. Ditmann, Director, Pathfinder Associates, LLC, Chicago, IL
- Robert Heimann, CVP Information Services, The Boldt Company, Appleton, WI
- J. T. Westermeier, JD, CCP, Partner, DLA Piper US, LLP, Reston, VA