Security Basics mailing list archives

Re: Email Encryption

From: khushbu.jithra () niiconsulting com
Date: 15 May 2008 06:45:22 -0000

Hi Pete,

You are right, according to the standard, section 4.2 clearly states "Never send unencrypted PANs by email"

Winzip may not provide the most reliable encryption. Besides, its best not to restrict yourself to encryption of 
attachments. As the others rightly pointed out, some options are S/MIME, OpenPGP.

These are not present in all email clients, however, Thunderbird and Outlook by default come with the functionality.

One very good resource that might help you make a choice is NIST guidelines on Email Security
http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf

It would be great if you shared your choice and the reasoning behind the same once you've made up your mind.

HTH,
Khushbu Jithra
Practice Lead | Audits and Compliance
NII Consulting  | Web: www.niiconsulting.com

Current thread:

Email Encryption pete . hill (May 14)
- Re: Email Encryption Preston Kutzner (May 14)
  - Re: Email Encryption Adriel Desautels (May 14)
  - Re: Email Encryption m0untainrebel (May 14)
  - RE: Email Encryption Daniel I. Didier (May 14)
- Re: Email Encryption Gregory Boyce (May 14)
  - RE: Email Encryption TBarnhart (May 14)
    - Re: Email Encryption Adriel Desautels (May 15)
- Re: Email Encryption Ansgar -59cobalt- Wiechers (May 14)
- <Possible follow-ups>
- Re: Email Encryption khushbu . jithra (May 15)
- Re: Email Encryption khushbu . jithra (May 15)
- Re: Email Encryption Adriel Desautels (May 16)