Encryption Policy

 

Policy No:  1.10                                                                                                                                                           Printable Version 

 

PURPOSE

 

The purpose of the Encryption Key Policy is to make certain that encryption keys are securely managed throughout their life cycle.  It is imperative that they are created, stored, used and destroyed in the appropriate manner in all situations so that critical and confidential information is protected from unauthorised persons.  It is important that these keys be accorded the highest levels of security available and that staff and managers are aware of their responsibilities.

 

SCOPE

 

This policy affects all users of computer systems and networks responsible for the management and use of encryption keys.

 

POLICIES

 

1.      Encryption Use

1.1     Encryption must be used to encode data where the risk of loss through theft or interception is high, where there is the potential for a major security breach should that data get into the hands of unauthorised persons and where the loss of the data would have a major impact on The Fake Chicken Company's business. 

 

 

Anti Virus Policy

Computer Systems and Equipment Use Policy

Computer Systems and Equipment Use Policy - Protect Systems from Harm

E-Commerce Policy

Email Policy

Information Management Policy

Network Management Policy

Password and Authentication Policy

Remote Access Policy

 

...and more

 

2.      Encryption Standards

2.1           If encryption is used Government approved standard algorithms and standard implementations (such as cipher-block chaining) must be employed and it is preferred that DES (Data Encryption Standard) is used. 

 

 

 

...and more

3.      Non-Disclosure

 

3.1      Encryption  keys  are a  most sensitive type of information, and access to such keys must be strictly limited to those who have a “need to know”...

 

 

Computer Systems and Equipment Use Policy 

...and more

 

4.      Design and Generation of Keys

 

4.1      The Fake Chicken Company cryptographic systems must be designed such that no single person has full knowledge of any single key...   

 

 

 

...and more

 

5.      Protection of Encryption Keys During Use

 

5.1      If encryption is used, the information protected with encryption must be transmitted over a different communication channel than the keys used to govern the encryption process... 

 

 

 Top

...and more 

 

6.      Management of Encryption Keys

 

6.1      Key management responsibility may only be delegated to a trusted The Fake Chicken Company staff member who has passed a background check and signed a confidentiality agreement.

 

 

 

..and more

 

Top

© 2004 All Rights Reserved Kaon Security Ltd