Educause Security Discussion
mailing list archives
From: "Mclaughlin, Kevin L (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Thu, 1 Feb 2007 09:34:51 -0500
I was wondering what your approach or thoughts are surrounding:
1.) key management of Vista's built in Encryption capability - are
you going to try and centralize key management via Active Directory or
just let each individual hold their own keys?
a. My concerns with individuals holding their own keys are: what
if they get hit by a bus? What if we are asked by their Dean, the FBI or
local law enforcement to do a Forensic exam on their system?
2.) Are you going to establish a policy or guidelines that talk about
Faculty and Staff key encryption key management responsibilities? If so
would you mind sharing such a policy with us?
Kevin L. McLaughlin
CISM, CISSP, PMP, ITIL Master Certified
Director, Information Security
University of Cincinnati
<mailto:mclaugkl () ucmail uc edu>
CONFIDENTIALITY NOTICE: This e-mail message and its content is
confidential, intended solely for the addressee, and may be legally
privileged. Access to this message and its content by any individual or
entity other than those identified in this message is unauthorized. If
you are not the intended recipient, any disclosure, copying or
distribution of this e-mail may be unlawful. Any action taken or omitted
due to the content of this message is prohibited and may be unlawful.
- Vista Mclaughlin, Kevin L (mclaugkl) (Feb 01)