Expert Advice Community

Guest

Use of encryption

  Quote
Guest
Guest user Created:   Sep 08, 2019 Last commented:   Sep 08, 2019

Use of encryption

In the past years, encryption has become a key control for protection of integrity and confidentiality of data. Many organizations use encryption technology such as disk encryption provided by the OS with managed keys. I am surprised to see this statement as not allowed per IT Security Policy:

auf einem lokalen Rechner Kryptographie (Verschlüsselung) zu nutzen, außer in den Fällen, die in der Richtlinie zur Klassifizierung von Informationen

(Use cryptography (encryption) on a local machine, except in the cases specified in the Information Classification Policy)

This seems to be an old control to ensure availability. In my view, any organization should make it mandatory to use the corporate encryption solution – and central key management.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 08, 2019
First it is important to note that this impediment is not absolute. If your organization's Information Classification Policy defines the use of encryption with central key management as a general solution for all information classification levels, than the IT departmen t can implement it as you described.
The use of encryption solutions must be considered wisely because it can have some potentially restrictions or negative consequences, e.g., in some countries the usage of encryption is defined by law; also if an employee leaves the company and all his data is locked on a encrypted disk, then the company cannot access this data.

This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 08, 2019

Sep 08, 2019

Suggested Topics

Guest user Created:   Jul 22, 2021 ISO 27001 & 22301
Replies: 1
0 0

Key management template