Educause Security Discussion mailing list archives

Re: Data Encryption Policies

From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Tue, 6 May 2003 17:39:06 -0500

Essentially, we have a policy that states that credit card numbers may
not be stored on any IU server at all.  Departments are use our central
processing mechanism (Cybercash before, but I think Infinet now). There
have been a couple of exemptions to that, where the card numbers are in
fact encrypted and only stored for a short period of time.
M.

-- 
Mark S. Bruhn, CISSP 

Chief IT Security and Policy Officer 
Interim Director, Research and Educational Networking Information
Sharing and Analysis Center (ren-isac () iu edu) 

Office of the Vice President for Information Technology and CIO 
Indiana University 
812-855-0326 

Incidents involving IU IT resources: it-incident () iu edu 
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu 


-----Original Message-----
From: Sallie F Wright/cis/evp/Okstate [mailto:wsallie () OKSTATE EDU] 
Sent: Tuesday, May 06, 2003 3:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Data Encryption Policies



Does anyone have a data policy for storing ssn and credit card numbers
encrypted? 
Sallie Fulsom Wright
CIS Information Technology
System Security Officer
405 744-2752 
********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/. 

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

Data Encryption Policies Sallie F Wright/cis/evp/Okstate (May 06)
- <Possible follow-ups>
- Re: Data Encryption Policies Bruhn, Mark S. (May 06)
- Re: Data Encryption Policies Brian Reilly (May 07)
- Re: Data Encryption Policies Theresa M Rowe (May 07)