Data Encryption


Secure Data Encryption on Portable Storage Devices

The LCTCS Office of Information Technology policy on portable device data security states:

All sensitive data that is stored on agency approved portable storage devices (Notebook PCs, USB flash drives, USB hard drives, CDs, DVDs, disks, PDAs, etc.) that are removed from the state premises must be encrypted and consistent with OIT STD 023 (Encryption Standard). — IT-POL-014

So, what can you do to protect data that you have in your possession?

First, let’s start with some possible sensitive data you might have and how you can protect it and yourself. Sensitive information about you, students, faculty, and employees can live anywhere that you store digital information, including a desktop computer, a laptop, a PDA, a flash drive, or other recordable media.

Student information (grades, SSNs, etc.) also needs to be protected and treated as sensitive data. While it’s convenient to copy files onto portable/mobile devices and media, what information do you really need to have with you at all times? Theft of portable devices is a very serious problem, and having data stolen is becoming a large problem too.


What is encryption?

Encryption is a method of encoding data. The purpose of encryption is concealment, or more specifically, security and confidentiality. Things like digital signatures are often confused with encryption, but they are not concerned with concealment; rather, they deal with integrity and authenticity, or more simply, verifying a sender and that the contents of a message have not been changed.

E-mail sent without encryption is like a postcard; others can see the contents if they use special tools to pry. With encryption, only the recipient of the message can open and view the contents of the e-mail. It’s like putting it in an envelope and sending it by registered mail. Data other than e-mail can also be stored encrypted so that others cannot easily see its contents.


Why should I care about encryption?

Typically, encryption is not needed for standard, day-to-day activities. To determine whether you have digital data that needs to be encrypted, here are some basic guidelines for deciding if encryption is worth implementing. If you answer yes to any of these basic questions, then you should consider using some form of encryption.

  • Is my data sensitive? If so, how? If your data contains information that is sensitive only to you, and its disclosure does not impact other people’s privacy, then is encrypting the data worth it? Conversely, if disclosure would impact other people’s privacy, then you should definitely consider encryption. (Personal information can be defined as an individual’s name in combination with the individual’s social security number; driver’s license or campus-wide identification number; or account number or credit or debit card with security codes or passwords.)
  • Are there already safeguards in place to protect my data? If your data is not portable and is not publicly accessible, then physical compromise is likely the only real threat. Is this threat enough to warrant encryption of data? If your data is mobile (i.e. on a laptop), then physical theft or compromise is a very real concern.
  • Are there policies or laws currently in place governing the data you have (FERPA, HIPAA, BPCC regulations)? If so, what are those requirements and have you done your due diligence in meeting them?

How do I encrypt data?

There are so many different methods, standards, and algorithms used to encrypt data that their discussion falls well outside of this document. Instead, a couple of very basic methods should cover most needs.

  • E-mail – The most common method for encrypting e-mail is by using software like the GNU Privacy Guard (GnuPG), which can be found at www.gnupg.org. GnuPG is free and works on most operating systems and hardware platforms. Setup and use of the program are very well-documented on the GnuPG website.
  • Hard drives – Please remember that it is never a good idea to encrypt your entire hard drive. Rather, pick and choose which folders should be encrypted. Also be aware that if you cannot unlock the files due to a hard drive failure or other issue, that data may be lost. Caution: encryption uses keys, which, like passwords, can be lost or forgotten.
    • PC – An encryption application called VeraCrypt is free and available for download and installation. On the VeraCrypt Documentation page, select Beginner's Tutorial. Follow the steps in the Beginner's Tutorial to learn how to utilize the VeraCrypt encryption software after installation.
    • Mac – VeraCrypt is also available for Mac OS X.
  • Mobile encryption
    • Mobile PCs – In addition to VeraCrypt, products such as CyberAngel allow for a virtual disk to be created on your hard drive for encryption and require two-factor authentication (two types of passwords in most cases). These products also have the benefit of additional features like “call home”, where a stolen laptop will broadcast its location to help in its recovery. You can find it at www.thecyberangel.com.
    • Cell phones/PDAs – Downloading e-mail that has sensitive data is a concern.
    • Flash drives and recordable media (CDs, DVDs, disks) – Some flash drives come with their own encryption software as an option. If not, TrueCrypt can be used to create an encryption folder on the drive or recordable media. You will need to install TrueCrypt on your home or personal computer in order to access the encrypted files.
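
The difference between encrypting and signing described under "What is encryption?", shown with the GnuPG tool recommended above for e-mail. This is an added example, not part of the original page; the recipient identity, the message and the throwaway keyring are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: constructed recipient and message; uses a throwaway keyring.
set -e

RECIPIENT='Constructed Recipient <registrar@example.edu>'   # hypothetical identity
MESSAGE='Student ID 000-00-0000 grade report (constructed sample)'

setup_keyring() {
  # Temporary GNUPGHOME so the demo never touches your real ~/.gnupg.
  GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
  # Unprotected key (empty passphrase) only because this keyring is deleted on exit.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$RECIPIENT" default default never 2>/dev/null
}
cleanup() { gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"; }

# Encryption = confidentiality: output is unreadable without the private key.
encrypt_msg() { gpg --batch --quiet --armor --recipient registrar@example.edu --encrypt; }
decrypt_msg() { gpg --batch --quiet --decrypt 2>/dev/null; }

# Signing = integrity and authenticity: the text stays readable, changes are detected.
sign_msg()   { gpg --batch --quiet --clearsign; }
verify_msg() { gpg --batch --quiet --verify >/dev/null 2>&1; }

setup_keyring
trap cleanup EXIT

encrypted="$(printf '%s\n' "$MESSAGE" | encrypt_msg)"
signed="$(printf '%s\n' "$MESSAGE" | sign_msg)"

echo "--- encrypted (contents hidden) ---"; printf '%s\n' "$encrypted" | head -n 3
echo "--- signed (contents visible) ---";   printf '%s\n' "$signed" | head -n 4
echo "--- decrypted ---";                   printf '%s\n' "$encrypted" | decrypt_msg

# Change one field of the signed text and check it again.
if printf '%s\n' "$signed" | sed 's/000-00-0000/999-99-9999/' | verify_msg; then
  echo "tampered message verified (unexpected)"
else
  echo "tampered message rejected by signature check"
fi
```

A signed-only message is still a postcard: anyone can read it. Sensitive data sent by e-mail needs the encryption step, with signing added when the recipient must also confirm who sent it.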