Re: Email Security Policies/Practices for Staff

[Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>]

Mike-

In our Systems and Networking groups we have instituted a de-facto
policy of using GnuPG in conjunction with The Enigmail plugin for
Mozilla Thunderbird.  The GnuPGP + Enigmail combo allows us to easily
sign and encrypt sensitive email (root passwords, etc) to one or more
individuals and on the receiving end the recipient just needs to enter
his/her PGP passphrase to decrypt the message right within the t-bird
message pane.

Enigmail also includes a basic key management interface so its really a
self-contained solution.  Enigmail is available at
http://enigmail.mozdev.org/

Regards,

Jeff Giacobbe
Montclair State University


Mike Wiseman wrote:
> Hello,
>
> I'm interested to find out if institutions are implementing
> policies/practices/services on using email with sensitive or
> confidential content. I'm thinking of staff working in HR,
> administration, financial, admissions, network operations, etc. who want
> to (or do) use email and need end-to-end security services to
> reduce exposure to forgery and information compromise. Services such
> as email authentication (digital signing via S/MIME or PGP) and/or
> encryption (S/MIME, encrypted archives, key storage).
>
> The issue comes up occasionally and people like me give the usual 'don't
> do it - it's not secure' line. I'd like to look at recommending products
> and/or providing the services required.
>
> Mike
>
>
> Mike Wiseman
> Manager - Computer Security Administration
> Computing and Networking Services
> University of Toronto