Encryption – First line of defense
Plamen Martinov
Director of Systems and Security
Agenda
• Encryption basics
• Importance of encryption
• Encryption solutions
  – Laptops/Desktops
  – USB/CD
  – Email/Cloud
What is Encryption?
• Encryption is a security process that scrambles information. It changes information from a readable form into something that can not be read unless you have the key.

Encryption changes data into an unreadable format

This:
Becomes something like this:
Rmvtu[yopm dhqht3w 3qtq isem ze mrxephlebl oermzq
…so ONLY the person with the decryption key or password can read the information
Encryption vs. Passwords
• Having a password does not necessarily mean something is encrypted.
  – Passwords by themselves do not scramble the information.
• If something is only “password protected,” it is not enough protection - someone could bypass the password and read the information.

[Figure panels: Original / Password Protected / Encrypted]
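
The difference between the two, as an added example that is not part of the original presentation: a "password protected" container stores a password check beside readable data, while an encrypted one scrambles the data itself. The container layout, function names and sample record are constructed for illustration, and the HMAC-SHA256 keystream is a standard-library stand-in for the AES used by real products, not something to deploy.

```python
import hashlib
import hmac
import json
import os

RECORD = b"Name: Jane Sample; MRN: 0000000"  # constructed sample record

def password_protect(data: bytes, password: str) -> bytes:
    """Password gate only: a check value is stored beside readable data."""
    salt = os.urandom(16)
    check = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return json.dumps({"salt": salt.hex(), "check": check.hex(),
                       "data": data.decode()}).encode()

def read_without_password(container: bytes) -> bytes:
    """Whoever holds the file can ignore the check and read the data."""
    return json.loads(container)["data"].encode()

def _keys(password: str, salt: bytes):
    """Derive separate encryption and integrity keys from the password."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode); real tools use AES."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(data: bytes, password: str) -> bytes:
    """Scramble the data itself; output layout is salt|nonce|tag|ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = _xor_keystream(enc_key, nonce, data)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct

def decrypt(blob: bytes, password: str) -> bytes:
    """Recover the data; fails without the right password."""
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified data")
    return _xor_keystream(enc_key, nonce, ct)
```

The record is visible in the raw bytes of the password-protected container and absent from the encrypted one, which is why a lost laptop with only a login password still exposes its files.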
Why is Encryption Important?
Encryption protects confidential information and helps keep it private!
• Statistics show that as many as one in ten laptops will be stolen or lost from an organization over the lifetime of each computer
• Laptops and USB devices can be easily lost or stolen
Why is Encryption Important? (Cont’d)
• HIPAA – Health Insurance Portability and Accountability Act to ensure confidentiality of patient health information
• Regulatory efforts impose stiffer fees and fines in the event that a breach occurs and steps are not taken to appropriately protect sensitive data
• Breach Notification Laws - require notification if information was not encrypted

Encryption technologies can assist with ensuring the confidentiality of patient health information and also serve as a strong measure of protection against today’s commonly anticipated threats, such as unauthorized access, modification, and disclosure.
HIPAA Fines
• April, 2014 - OCR levies $2 million in HIPAA fines for stolen laptops:
  – $1,725,220 against Concentra Health Services for an unencrypted laptop that had been stolen from one of Concentra Health Services facilities.
  – $250,000 against QCA Health Plan, Inc. of Arkansas after an unencrypted laptop containing personal health information for 148 people was stolen from an employee's car.
What to Encrypt?

High Risk Confidential Information:
A person’s name or other identifier, in conjunction with:
• Personally-identifiable Medical Information
• Dates (birth date, admission date, discharge date, etc.)
• Social Security number
• Driver’s license
• State ID or Passport number
• Biometric information
• Medical Record # (MRN)
• Health Insurance #

Other Confidential Information:
• Human Subjects information
• HR Records
• Credit Card Information
• Whatever you consider confidential
BSD Encryption Solutions

| Type | Encryption Solutions | Cost/Impact | Purpose |
|---|---|---|---|
| Apple | FileVault 2 | $0; native security feature, easy setup; vendor-supported; AES 128 encryption for data protection; can store recovery key with Apple; well-documented install guide. | Encrypt the contents of your entire drive. Solution will work for personally owned and BSD-owned laptops. |
| Apple | CBIS Credant** | $60; CBIS installed and managed; CBIS technical staff required to restore system. | Solution will only work with BSD-owned laptops. |
| Windows | BitLocker* | $0; native security feature; AES 128-bit and 256-bit; some hardware dependencies. | Encrypt the contents of your entire drive. Solution will work for personally owned and BSD-owned laptops. |
| Windows | CBIS Credant** | $60; CBIS installed and managed; CBIS technical staff required to restore system. | Solution will only work with BSD-owned laptops. |

* To use BitLocker, your laptop must be equipped with a Trusted Platform Module (TPM) chip, and it must be enabled.
** CBIS Credant is a commercial software solution installed and supported by CBIS. There may be licensing and support fees associated with this product. Contact CBIS for more information.
BSD Encryption Solutions (Cont’d)

| Type | Encryption Solutions | Cost/Impact | Purpose |
|---|---|---|---|
| Files/Volumes | FileVault 2 | $0; native for Apple devices; AES 128 encryption for data protection; capable of creating secure disk images and file volumes | Creates secure disk images and files for data sharing via email, CD or cloud |
| Files/Volumes | AxCrypt | $0; has native versions for both Windows and Apple; uses strong compliant encryption. | Creates secure disk images and files for data sharing via email, CD or cloud |
| External Storage | Aegis Secure USB Key | $65; unlocks with onboard PIN pad; 256-bit AES hardware-based encryption; PIN activated 7-15 digits - alphanumeric keypad | Securing transport of data, documents, and presentations |
| External Storage | Aegis Padlock Fortress | $250; Secure PIN Access; Real-time 256-bit Military Grade AES-XTS Hardware Encryption; Software free design - No admin rights required; Water and Dust Resistant | Securing transport of data (500GB +), documents, and presentations. |
Security – “Isn’t this just an I.T. Problem?”

Good Security Standards follow the “90 / 10” Rule:
• 10% of security safeguards are technical
• 90% of security safeguards rely on the computer user (“YOU”) to adhere to good computing practices

The lock on the door is the 10%. You remembering to lock it, checking to see if it is closed, ensuring others do not prop the door open, and keeping control of keys is the 90%.
Resources & References
• Center for Research Informatics
  – Cri.uchicago.edu
• BSD HIPAA Program Office
  – Hipaa.bsd.uchicago.edu
• Apple Encryption – FileVault 2
  – http://support.apple.com/kb/ht4790
• Windows Encryption - Bitlocker
  – http://windows.microsoft.com/en-us/windows-vista/bitlocker-drive-encryption-overview
• Files/Volumes Encryption – Axcrypt
  – http://www.axantum.com/axcrypt/
• External Storage Encryption – Aegis Secure Storage
  – http://www.apricorn.com/aegis-secure-key.html