Could you conceptually explain the Best Practices related to data encryption?

Eduardo Fuerte
Hi Experts


Could you conceptually explain the Best Practices related to data encryption?

Thanks in advance.
Distinguished Expert 2017
Commented:
Best practice, in the absence of a context, is to encrypt with high bit only fields that are sensitive .... versus the entire DB.
The trade-off deals with decryption.
The main and important part deals with making sure encryption keys are backed up, and restoration of data is practiced to make sure .......

Perhaps it should be phrased: for databases with sensitive information, best practice is to use encryption of those fields.
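The advice in the answer above (encrypt only the sensitive fields, back up the key, and practice restoring), shown as an added Node.js example that is not part of the original thread. The column names, the function names and the choice of AES-256-GCM are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed schema (assumption): only these columns hold sensitive data.
const SENSITIVE = new Set(['ssn', 'card_number']);

// Encrypt one value with AES-256-GCM. The column name is bound as associated
// data, so a ciphertext copied into another column fails authentication.
function sealField(key, column, value) {
  const iv = crypto.randomBytes(12); // fresh nonce for every value
  const c = crypto.createCipheriv('aes-256-gcm', key, iv).setAAD(Buffer.from(column));
  const ct = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored value; throws if the key, column or ciphertext is wrong.
function openField(key, column, stored) {
  const raw = Buffer.from(stored, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(column)).setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Encrypt only the sensitive columns of a row; the rest stay queryable plaintext.
function encryptRecord(key, row) {
  return Object.fromEntries(Object.entries(row).map(
    ([col, v]) => [col, SENSITIVE.has(col) ? sealField(key, col, v) : v]));
}

// Restore drill: list the sensitive columns that the key recovered from backup
// cannot decrypt. An empty list means the backup is usable.
function restoreDrill(backupKey, row) {
  return Object.keys(row).filter((col) => {
    if (!SENSITIVE.has(col)) return false;
    try {
      openField(backupKey, col, row[col]);
      return false;
    } catch {
      return true;
    }
  });
}

// Demo with constructed data: the backup copy of the key must open the row.
const liveKey = crypto.randomBytes(32);
const row = encryptRecord(liveKey, { name: 'Ana', ssn: '000-00-0000' });
console.log(restoreDrill(Buffer.from(liveKey), row));
```

Running `restoreDrill` on a schedule against a sample of stored rows catches a lost or mismatched key backup before the data is needed.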
Exec Consultant
Distinguished Expert 2018
Commented:
Best practice for data encryption is about asking ourselves the following and doing it right the first time:
- Why protect data: Ensure data integrity and confidentiality are maintained

- What to protect: Identify the data, differentiate classified/sensitive data vs. public data, and the applications & systems that will have the data at rest, data in transit and data in use

- How to protect: Prioritise data to protect, use standards in encryption/digital signing/hashing etc., identify the solution and scope the data, i.e. see the "What to protect"

- What to look out for: Assess impact and must not be worse off or impact business running; trust but verify by conducting security tests like penetration testing, audit etc.

- What assurance in control: Enable audit trail, establish accountability of data owner, process owner, ensure non-repudiation in the safeguards implementation
Eduardo Fuerte, Developer and Analyst

Author

Commented:
Very good approach.

Thanks for the help!