• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 102
  • Last Modified:

Could you conceptually explain the Best Practices related to data encryption ?

Hi Experts


Could you conceptually explain  the Best Practices related to data encryption ?

Thanks in advance.
0
Eduardo Fuerte
Asked:
Eduardo Fuerte
2 Solutions
 
arnoldCommented:
Best practices in the absence of a context, is to encrypt with high bit only fields that are sensitive .... Versus the entire db.
The trade off deals with decryption
The main and important part deals with making sure, encryption keys are backed up, and restoration of data is practiced  to make sure .......

Perhaps, it should be phrased, databases with sensitive information, best practices is to use encryption of those fields.
0
 
btanExec ConsultantCommented:
Best practice for Data Encryption is about asking ourselves and doing it first time right
- Why protect data:  Ensure data integrity and confidentiality are maintained

- What to protect: Identify the data, Differentiate classified/sensitive data vs Public data, Application & system that will have the data at rest, data in transit and data in use

- How to protect: Prioritise data to protect, Use standards in encryption/digital signing/hashing etc, identify solution and scope the data i.e. see the "What to protect"  

- What to look out: Assess impact and must not be worst off or impact business running, Trust but Verify by conduct security test like penetration testing, audit etc

- What assurance in control: Enable audit trail, establish accountability of data owner, process owner ensure non-repudiation in the safeguards implementation
0
 
Eduardo FuerteAuthor Commented:
Very good approach.

Thanks for the help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now