1. Cryptography and encryption

There are two main types of encryption:

Symmetric encryption

  • AES128 or higher must be used
  • AES256 must be used with external cloud service providers
  • Other algorithms must not be used

Asymmetric encryption

  • RSA with a minimum key length of 2048 must be used
  • The DH key exchange protocol should be used where appropriate for key exchange and must use a minimum key size of 2048
  • Private keys must be subject to periodic review to identify compromise
  • Other asymmetric encryption algorithms must not be used

Hash functions

  • SHA-2 with a digest value of 256 or higher should be used
  • SHA-3 may be used in place of SHA-2
  • MD5 and SHA-1 must not be used except for file validation
  • Other algorithms not listed must not be used
  • Cryptographic salt should be used in combination with all implementations of hash functions except for file validation

Cipher suites for SSL/TLS

  • EECDH+AESGCM
  • EDH+AESGCM
  • AES256+EECDH
  • AES256+EDH
  • TLS v1.1 may be used to support legacy implementations
  • TLS v1.2 should be used
  • TLS v1.3 can be used once the standard is ratified
  • Other cipher suites must be disabled
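The four entries above are OpenSSL cipher-string families. As an added illustration (not part of the procedure), the following Python builds an `ssl` context restricted to exactly that list with TLS 1.2 as the floor, and includes a small checker that flags cipher names outside the approved families. The `WEAK_MARKERS` list and the `AES<bits>` size check are this example's own assumptions about how to recognise suites the procedure would require to be disabled; the cipher names are taken from the page and joined with `:` as OpenSSL expects.

```python
import re
import ssl

# The four families from the procedure, joined with ':' in OpenSSL cipher-string syntax.
APPROVED_CIPHER_STRING = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# Substrings that mark suites outside the approved families: export-grade, RC4,
# DES/3DES, MD5 MACs, NULL encryption and anonymous (unauthenticated) key exchange.
# This marker list is an assumption of the example, not text from the procedure.
WEAK_MARKERS = ("EXP", "RC4", "DES", "MD5", "NULL", "ADH", "AECDH")


def build_approved_context() -> ssl.SSLContext:
    """Client context limited to the approved cipher string and TLS 1.2 or later."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.0/1.1 are not offered here
    ctx.set_ciphers(APPROVED_CIPHER_STRING)
    return ctx


def minimum_version_name(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate, e.g. 'TLSv1_2'."""
    return ctx.minimum_version.name


def enabled_cipher_names(ctx: ssl.SSLContext) -> list[str]:
    """Cipher suites the context will offer. OpenSSL keeps TLS 1.3 suites separate
    from the TLS 1.2 cipher string, so those (TLS_AES_..., TLS_CHACHA20_...) appear too."""
    return [c["name"] for c in ctx.get_ciphers()]


def non_compliant(names) -> list[str]:
    """Return the cipher names from `names` that fall outside the approved families."""
    flagged = []
    for name in names:
        upper = name.upper()
        if any(marker in upper for marker in WEAK_MARKERS):
            flagged.append(name)
            continue
        # Where an AES key size is spelled out, require the 128-bit minimum.
        match = re.search(r"AES(\d+)", upper)
        if match and int(match.group(1)) < 128:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    context = build_approved_context()
    print("minimum version:", minimum_version_name(context))
    for cipher in enabled_cipher_names(context):
        print(" ", cipher)
    # Constructed sample of names as a scanner might report them from a legacy server.
    print("would be disabled:", non_compliant(["RC4-SHA", "DES-CBC3-SHA", "ECDHE-RSA-AES256-GCM-SHA384"]))
```

Running the block prints the concrete suite names OpenSSL expands the four families into, which is the list to compare against a server's actual configuration; `non_compliant` can be fed the cipher names reported by a scanner to produce the set that must be disabled.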

2. Key generation

Cryptographic keys must be generated and stored in a secure manner that prevents loss, theft, or compromise. Keys need to be communicated by reliable and secure methods and kept confidential.
Key generation must be seeded from an industry standard random number generator (RNG).
Where user-generated passwords are required to decrypt data – either as the key or as input to a key derivation function – these should follow the University’s Control Procedure for Password Management. It is important that local procedures are put in place to ensure that passwords used to encrypt devices are communicated to teams on a need to know basis, so that if an individual leaves the University access can still be gained to the University’s data.
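The hash-function rule (salt with every hash except file validation) and the key-generation rule (keys seeded from a standard RNG, passwords fed through a key derivation function) are shown together below in Python. This is an added example, not code from the procedure or the University: the PBKDF2 iteration count, salt length and stored-record format are this example's own choices, `secrets` is used as the OS-backed random number generator, and the unsalted `file_digest` is included to show the one case where the procedure permits a bare hash.

```python
import hashlib
import hmac
import secrets

# Work-factor and size parameters are assumptions of this example, not figures from the procedure.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def new_salt() -> bytes:
    """Fresh per-record salt from the OS cryptographic RNG (the 'industry standard RNG')."""
    return secrets.token_bytes(SALT_BYTES)


def derive_key(password: str, salt: bytes,
               iterations: int = PBKDF2_ITERATIONS, length: int = KEY_BYTES) -> bytes:
    """PBKDF2-HMAC-SHA256: a salted, SHA-2 based key derivation function. The same
    password with a different salt yields an unrelated key, which is the point of the salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=length)


def make_password_record(password: str) -> str:
    """Stored form carries algorithm, iteration count, salt and derived key, so the
    record can be verified later and the work factor raised for new records."""
    salt = new_salt()
    key = derive_key(password, salt)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and parameters; compare in constant time."""
    try:
        algo, iterations, salt_hex, key_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = derive_key(password, bytes.fromhex(salt_hex), int(iterations), len(key_hex) // 2)
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def file_digest(data: bytes) -> str:
    """Unsalted SHA-256 for file validation: here the digest must be reproducible by
    anyone holding the same file, so no salt is involved."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    # Constructed sample values for demonstration only.
    record = make_password_record("correct horse battery staple")
    print("stored record:", record)
    print("correct password verifies:", verify_password("correct horse battery staple", record))
    print("wrong password verifies:", verify_password("wrong password", record))
    print("file digest of empty file:", file_digest(b""))
```

Two records for the same password differ because each gets its own salt, while the stored iteration count lets old records keep verifying after the default is raised; `file_digest` deliberately omits both, which is why the procedure carves file validation out of the salt requirement.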

3. Client device encryption

All University managed computers require encryption for the protection of vulnerable and sensitive data. Computers running Microsoft Windows will use Bitlocker drive encryption. Access to the list of the keys in the Active Directory is restricted to the Server Management Team. Computers running alternative operating systems will have native encryption enabled where available.
Mobile devices synchronising email with the University email system must be forced to use encryption by the Active Sync settings pushed to the device.
Devices not under University management should have encryption enabled where possible at the user's discretion, but the University reserves the right to restrict devices from the network or defined network resources where they do not meet these and other security requirements.

4. Database encryption

University managed databases will have Transparent Database Encryption enabled by default unless an exception has been agreed with the Head of Information Security. As newer versions of database technology include more native encryption options, these should be enabled by default unless an exception has been agreed with the Head of Information Security.

5. Transferring data

Sensitive information shall only be removed from the University network with adequate protection, in line with the Information Classification Scheme. Tools for protecting information are offered by ISDS, including built-in encryption in Microsoft Office products, 7-Zip for file and folder encryption, encrypted USB devices, and use of Criminal Justice Secure Mail (CJSM) for email encryption to secure Government and public sector networks. Further information is available from ISDS.

6. Remote network access

Facilities for connection to the University’s IT systems and services via networks not fully within the control of the organisation’s security management (such as the internet or wireless access) will be secured according to the standards in this procedure.
