I'm asking on behalf of someone else who is trying to determine what others are doing to protect sensitive data on media that is removable. For example, backup disks/tapes. Is it sufficient for you to maintain a chain of custody over unencrypted media? Or do you require encryption of all such potentially removable media (tapes, removable disks, etc.)?
Note, I am not asking about the scenario where Joe User copies a file deliberately to a USB stick and walks off. This is dealing with cases where one has a specific process to know who has access to the media, where it is, and so on. For purposes of discussion, please ignore data governed by external certifications or audits (e.g. credit card numbers). This is dealing with data that is suitable to live unencrypted on internal disk but is being backed up on some media that will be removed from the server potentially, usually as a part of a rotation to a vaulting process. -- "The speed of communications is wondrous to behold. It is also true that speed can multiply the distribution of information that we know to be untrue." Edward R Murrow (1964) Mark McCullough [email protected] _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
