Rolling Meadows, IL, USA, February 2009 — ISACA has applauded moves by the data storage industry to develop a common encryption standard for use on hard drives.
According to Vernon Poole, CISM, Head of Business Consultancy for Sapphire and Member of ISACA’s Information Security Management Committee, the development of the standard by the Trusted Computing Group - whose membership includes Fujitsu, Hitachi, IBM, Samsung, Seagate, Toshiba and Western - centres around three non-proprietary specifications.
"The Opal Security Subsystem Class Specification is designed for PC clients, the Enterprise Security Subsystem Class Specification is for datacentre storage, while the Storage Interface Interactions Specification focuses on the interactions between these storage devices and underlying SCSI/ATA protocols," he said.
"These three specifications come together to form a security framework that the data storage industry can use on their drives, and so allow notebook, as well as desktop, PC users to encrypt their data on-the-fly as it is written to the drive," he added.
As data is required, he went on to say, it can be decrypted directly into the computer's memory, so lessening the risk that the data will fall into the wrong hands.
"The fact that the industry has developed these specifications under the auspices of the Trusted Computing Group is extremely positive for all aspects of the IT security industry, since it will allow companies to upgrade their computers and have a baseline on which to build an enforceable set of IT security policies," he said.
"Research from the Privacy Rights Clearinghouse (http://www.privacyrights.org) shows that, in recent years, more than 252 million records containing sensitive data have been compromised due to security breaches in the US alone. The use of encrypted hard drives would have greatly reduced this figure," he added.
For more on the Opal Security standard: http://tinyurl.com/awt3ga
For more on ISACA: http://www.isaca.org
With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 9,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.
Neil Stinchcombe,
Eskenzi PR
ISACA applauds move to common disk encryption standard
Experts concur Yasni research highlights case for encryption
IT security experts say Yasni research highlights case for encryption
Research just released, showing that 83 per cent of people use their date of birth, maiden or pet name as a security password for e-banking or email accounts, strengthens the case for the use of encryption on company data of all types, says Credant Technologies.
"The research from our colleagues at Yasni.co.uk highlights the fact that, despite all the issues surrounding cybercrime and the theft of personal data, human nature is such that simple and easy to remember passwords remain the norm," said Michael Callahan, vice president of military grade encryption specialist Credant.
"The fact that so many people are using data that can easily be extracted from public records or even the Internet is extremely worrying, as, if that approach is transposed to a business environment, it makes company security very weak indeed," he added.
Against this backdrop, Callahan says that the case for encryption on personal and company confidential data in the workplace, and particularly on notebooks which are used outside of the office environment, is greatly strengthened.
Office workers and factory employees, he said, tend to develop close working relationships and regularly celebrate each other's birthdays, as well as having pictures of their family or pets in the workplace.
It does not, therefore, he explained, take some of James Bond's spy skills to extrapolate sufficient information on an employee's personal life and use the data to access their password-protected files.
The data situation is not helped, he went on to say, by social networking sites such as Facebook and MySpace allowing online friends all manner of access to personal details.
"If the data from the survey is extrapolated to the workplace, then it's a fair bet that your work colleagues are using similar low levels of password security on their office systems. If ever there was a case for encryption of company data, this is it," he said.
For more on the Yasni.co.uk research: http://tinyurl.com/dzufea
For more on Credant Technologies: http://www.credant.com
Yvonne Eskenzi
Eskenzi PR