Ensuring User Data Protection And Privacy

Good Essays

##Ensuring User Data Protection & Privacy##

While access to sensitive data on the network is governed via “Access Control” (Refer to Chapter 7 on Network Security), you can assist with additional privacy to users by ensuring they adopt the following secure data communication & storage practices, provided these practices constitute approaches identified during the organization’s Risk Assessment (Refer to Chapter 1). Keep laws & regulations related to encryption in mind before recommending these best practices.

###6.1 Encrypt User Data-at-Rest###
Data-at-Rest refers to user information stored on their devices, in external hard drives and on removable media such as USBs, DVDs.

**6.1.i Full disk encryption (FDE)**

When working with users …show more content…

FDE 's biggest advantage is that there 's no room for error if users don 't abide by or don 't understand encryption policies.

Here are some best practices when instituting Full Disk Encryption (FDE):
- Prep the machine: Before enabling encryption on the HDD, ensure the machine is clean and running properly beforehand. It’s essential that there are no disk problems that would render code specific to the encryption engine to be unreadable.
- Its recommended to defragment the hard drive, run checkdisk several times, back up the data, administer all patches and optimize performance before encrypting.
- Test the waters: Test encryption on a few “pilot” testers - these could be your tech champions to iron out the kinks, gauge user resistance and the scope of the full deployment, before instituting FDE across the organization. (Refer to Chapter 3 for change management best practices).
- Don’t underestimate deployment time; enabling FDE takes time, especially for large drives. A good rule of thumb is that it takes anywhere between 4-6 hours depending on the size of the HDD for the software to encrypt the drive.
- Check for interference with other applications. Another reason for a pilot test is to identify if there is device-driver or BIOS interference between the encryption software and other applications. Run tests for the various operating systems of devices on your network as not all of them may be compatible with your FDE solution.
- Ensure users are employing

Get Access