1
To Encrypt or Not Encrypt
Jerry Wynne, CISA, CISSP, CRISC, Vice President of Security, CISO
2
Disclaimer
This document and any oral presentation accompanying it are not intended/should not be taken as necessarily representing the policies, opinions, and/or views of Noridian Mutual Insurance Company, Blue Cross Blue Shield of North Dakota, Noridian Healthcare Solutions, any of their component services, or any other affiliated companies. This document and any oral presentation accompanying it have been prepared in good faith. However, no express or implied warranty is given as to the accuracy or completeness of the information in this document or the accompanying presentation.
3
Agenda
- Level Setting
- AES
- What should we encrypt?
- Real Life Examples
- Questions
4
Who am I?
- Currently employed by Noridian Mutual Insurance Company
- DBA: Blue Cross Blue Shield of North Dakota, an independent licensee of the Blue Cross Blue Shield Association
- DBA: Noridian Healthcare Solutions
- Assisting: Three other Healthcare plans with Security
- Vice President of Security, Chief Information Security Officer (CISO)
- Responsible for both Electronic and Physical Security
- 3200 employees, 20+ locations coast to coast
- Staff of 70+, physical and electronic security professionals
- Certifications include: Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP), Certified in Risk and Information System Control (CRISC)
- Over twenty years' experience in Electronic Security, with over fifteen years of leadership in Electronic Security
5
Level Setting Encryption Definitions and Information:
Encryption is the process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information so that only authorized parties can view it. This includes files and storage devices, as well as data transferred over wireless networks and the Internet.
6
Level Setting Encryption Definitions and Information:
You can encrypt a file, folder, or an entire volume using a file encryption utility. Some file compression programs can also encrypt files. Even common programs like Adobe Acrobat and Intuit TurboTax allow you to save password-protected files, which are saved in an encrypted format.
7
Level Setting Encryption Definitions and Information:
An encrypted file will appear scrambled to anyone who tries to view it. It must be decrypted in order to be recognized. Some encrypted files require a password to open, while others require a private key, which can be used to unlock files associated with the key.
8
Level Setting Data at Rest encryption definitions and information:
The easiest way to answer this question is to explain what "data at rest" means. Data at rest encryption basically means protecting data that's not moving through networks. Data at rest refers to data that is not "moving." Information on your laptop or USB Stick is considered data at rest. As long as the data is not moving off the laptop's hard disk drive, it's considered data at rest.
9
Level Setting Data in Transit encryption definitions and information:
The easiest way to answer this question is to explain what "data in transit" means. Data in transit encryption basically means protecting data that's moving through networks. Data in transit refers to data that is "moving." is considered data in transit. Data being moved onto a USB stick is data in transit.
10
Level Setting Types of Modern Encryption
There are basically two different types of encryption:
- Symmetric key algorithms use related or identical encryption keys for both encryption and decryption.
- Asymmetric key algorithms use different keys for encryption and decryption—this is usually referred to as Public-key Cryptography.
11
The Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES), also known by its original name, Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
12
The Advanced Encryption Standard (AES)
AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
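As an added illustration (not part of the original slides), the sketch below uses Node.js's built-in crypto module to show AES as a symmetric algorithm at each of the three key lengths: the same key encrypts and decrypts, and a different key or altered ciphertext is rejected. The choice of GCM mode, the function names and the sample record are assumptions made for this example.

```javascript
// Added example: AES with the three key lengths, using Node's built-in crypto.
const crypto = require('node:crypto');

// AES key lengths in bits; the block size is 128 bits in every case.
const AES_KEY_BITS = [128, 192, 256];

// Encrypt with AES-GCM (mode chosen for this example; it also detects tampering).
// Returns everything the receiver needs except the key itself.
function encrypt(key, plaintext) {
  const bits = key.length * 8;
  if (!AES_KEY_BITS.includes(bits)) {
    throw new Error(`AES key must be 128, 192 or 256 bits, got ${bits}`);
  }
  const iv = crypto.randomBytes(12); // fresh nonce per message, never reused with a key
  const cipher = crypto.createCipheriv(`aes-${bits}-gcm`, key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { bits, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt with the same key. Throws if the key is wrong or the data was altered.
function decrypt(key, { bits, iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv(`aes-${bits}-gcm`, key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Round-trip a constructed record under each key length and report the outcome.
function demo() {
  const record = 'member_id=000000;note=constructed-sample'; // constructed sample data
  return AES_KEY_BITS.map((bits) => {
    const key = crypto.randomBytes(bits / 8);
    const box = encrypt(key, record);
    const sameKeyOk = decrypt(key, box) === record;

    let wrongKeyRejected = false;
    try { decrypt(crypto.randomBytes(bits / 8), box); } catch { wrongKeyRejected = true; }

    let tamperRejected = false;
    const flipped = Buffer.from(box.ciphertext);
    flipped[0] ^= 1; // flip one bit of the ciphertext
    try { decrypt(key, { ...box, ciphertext: flipped }); } catch { tamperRejected = true; }

    return { bits, sameKeyOk, wrongKeyRejected, tamperRejected };
  });
}

console.log(demo());
```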
13
So why all the history? Encryption is not necessarily cut and dry; using the wrong type of encryption or the wrong level of encryption can be the equivalent of not using any encryption.
14
So what should we encrypt?
Step One: What is the sensitivity / risk of exposing that data?
- Formally assigned data classification
- Public vs private
- Sensitive vs not Sensitive
- Etc.
15
So what should we encrypt?
Step Two: Where is my Data?
- Local PCs
- Virtualization?
- Local Server storage?
- USBs
- Shadow IT
- Clouds?
16
So what should we encrypt?
Where is my Data?
- Data Map
- Data Inventory
- Data Tagging
17
Portable Data vs. Data Center Data
Another key point of consideration: Is the data portable?
- Laptops
- Backups
- USBs
- Phones?
- Tablets
18
Options for Encryption
- Specific File
- Whole Disk Encryption
- Encryption of data streams
19
Real Life Examples
Does encryption matter during data breaches?
- BCBSTN
- Anthem
20
Questions?
21
References
Slides 5-7: https://techterms.com/definition/encryption
Slide 8: hive/2009/03/13/what-is-data-at-rest-encryption.aspx
Slide 10: what-is-encryption-and-how-does-it-work/
Slide 11: