Invite A Tus Amigos
Páginas: 12 (2946 palabras)
Publicado: 12 de marzo de 2013
Data Breaches and the Encryption Safe
Harbor
Eric A. Hibbard, CISSP, CISA
Hitachi Data Systems
SNIA Legal Notice
The material contained in this tutorial is copyrighted by the SNIA unless otherwise
noted.
Member companies and individual members may use this material in presentations
and literature under the following conditions:
Any slide or slides used must be reproduced in theirentirety without
modification
The SNIA must be acknowledged as the source of any material used in the
body of any document containing material from these presentations.
This presentation is a project of the SNIA Education Committee.
Neither the author nor the presenter is an attorney and nothing in this
presentation is intended to be, or should be construed as legal advice or an opinion
ofcounsel. If you need legal advice or a legal opinion please contact your attorney.
The information presented herein represents the author's personal opinion and
current understanding of the relevant issues involved. The author, the presenter,
and the SNIA do not assume any responsibility or liability for damages arising out of
any reliance on or use of this information.
NO WARRANTIES, EXPRESS ORIMPLIED. USE AT YOUR OWN RISK.
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
2
Abstract
Data Breaches and the Encryption Safe Harbor
As data breaches continue to plague organizations and the
impacts to individuals increase, the statutory and regulatory
responses become more severe. Nearly all states in the U.S.
havepassed data breach laws, which include costly breach
notification requirements. The international community has
adopted stringent privacy laws and some countries are now
considering adding breach notification requirements as a further
deterrent for organizations that haven't taken the requirements
seriously.
This session explores the complexities and ambiguities
associated with these breachlaws, especially when encryption
can serve as a safe harbor. Recent massive breaches and
lawsuits will be used as case studies.
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
3
Encryption & Key Management
Overview
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. AllRights Reserved.
4
A Few Definitions
Plaintext – Original information (intelligible) that is
used as input to an encryption algorithm (cipher).
Ciphertext – The encrypted (unintelligible) output from
an encryption algorithm.
Encryption – The conversion of plaintext to encrypted
text (ciphertext) with the intent that it only be accessible
to authorized users who have the appropriatedecryption key.
Cipher – A mathematical algorithm for performing
encryption (and the reverse, decryption).
Key – A piece of auxiliary information used by a cipher
during the encryption operation.
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
5
Encryption Introduction
Goals of Encryption
Make data unintelligible tounauthorized readers
Make it extremely difficult to decipher data when attacked
Factors to consider:
Strength of encryption (algorithm, key size)
Quality of encryption (sufficiently reviewed by experts;
implementations subjected to accreditation)
Speed of encryption
Management of the persistent encryption keys
Randomness (use of random number generator)
Data Breaches and the EncryptionSafe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
6
Encryption Algorithms
(General Categories)
Symmetric-key Ciphers (Secret-key Cryptography)
Uses the same key to encrypt and decrypt the data
Two types: block ciphers & stream ciphers
Block ciphers commonly used for storage
Generally much less computationally intensive than asymmetric-key ciphers...
Harbor
Eric A. Hibbard, CISSP, CISA
Hitachi Data Systems
SNIA Legal Notice
The material contained in this tutorial is copyrighted by the SNIA unless otherwise
noted.
Member companies and individual members may use this material in presentations
and literature under the following conditions:
Any slide or slides used must be reproduced in theirentirety without
modification
The SNIA must be acknowledged as the source of any material used in the
body of any document containing material from these presentations.
This presentation is a project of the SNIA Education Committee.
Neither the author nor the presenter is an attorney and nothing in this
presentation is intended to be, or should be construed as legal advice or an opinion
ofcounsel. If you need legal advice or a legal opinion please contact your attorney.
The information presented herein represents the author's personal opinion and
current understanding of the relevant issues involved. The author, the presenter,
and the SNIA do not assume any responsibility or liability for damages arising out of
any reliance on or use of this information.
NO WARRANTIES, EXPRESS ORIMPLIED. USE AT YOUR OWN RISK.
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
2
Abstract
Data Breaches and the Encryption Safe Harbor
As data breaches continue to plague organizations and the
impacts to individuals increase, the statutory and regulatory
responses become more severe. Nearly all states in the U.S.
havepassed data breach laws, which include costly breach
notification requirements. The international community has
adopted stringent privacy laws and some countries are now
considering adding breach notification requirements as a further
deterrent for organizations that haven't taken the requirements
seriously.
This session explores the complexities and ambiguities
associated with these breachlaws, especially when encryption
can serve as a safe harbor. Recent massive breaches and
lawsuits will be used as case studies.
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
3
Encryption & Key Management
Overview
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. AllRights Reserved.
4
A Few Definitions
Plaintext – Original information (intelligible) that is
used as input to an encryption algorithm (cipher).
Ciphertext – The encrypted (unintelligible) output from
an encryption algorithm.
Encryption – The conversion of plaintext to encrypted
text (ciphertext) with the intent that it only be accessible
to authorized users who have the appropriatedecryption key.
Cipher – A mathematical algorithm for performing
encryption (and the reverse, decryption).
Key – A piece of auxiliary information used by a cipher
during the encryption operation.
Data Breaches and the Encryption Safe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
5
Encryption Introduction
Goals of Encryption
Make data unintelligible tounauthorized readers
Make it extremely difficult to decipher data when attacked
Factors to consider:
Strength of encryption (algorithm, key size)
Quality of encryption (sufficiently reviewed by experts;
implementations subjected to accreditation)
Speed of encryption
Management of the persistent encryption keys
Randomness (use of random number generator)
Data Breaches and the EncryptionSafe Harbor
© 2012 Storage Networking Industry Association. All Rights Reserved.
6
Encryption Algorithms
(General Categories)
Symmetric-key Ciphers (Secret-key Cryptography)
Uses the same key to encrypt and decrypt the data
Two types: block ciphers & stream ciphers
Block ciphers commonly used for storage
Generally much less computationally intensive than asymmetric-key ciphers...
Leer documento completo
Regístrate para leer el documento completo.