Information Technology

Disk Encryption Procedure

This procedures document outlines how Information Technology will deploy disk encryption to secure campus information assets.

Scope

These procedures apply to all CSU Monterey Bay and CSU Monterey Bay auxiliary departments/units.

Disk Encryption

Disk encryption is software/technology that is used to protect Sensitive Data from unauthorized access or viewing. This is accomplished by employing encryption algorithms so that every bit of data is stored in an unreadable format except by users with credentials to decrypt the file or disk.

It is the responsibility of departments storing sensitive data to request disk encryption for those workstations/laptops where Level 1 data is stored. It is recommended that Level 1 data only be stored outside the system of record when required and that all sensitive data be deleted when no longer needed on that device.

Information Technology performs an annual Sensitive Data Inventory and will use the results of that inventory to contact departments indicating that they are storing sensitive data in order to verify the need to store Sensitive Data and that it is being appropriately secured. As needed Information Technology will enable/install necessary software in order to encrypt workstations/laptops.

Additional Security Measures

In addition to disk encryption, Information Technology may also recommend the installation and regular scanning of workstations of Identity Finder in departments processing Sensitive Data in order to verify the regular removal of unneeded Sensitive Data.

Periodic Review

The University Chief Information Officer/Information Security Officer shall conduct an annual review of the Disk Encryption Procedures to ensure that it remains appropriate and relevant.

Last reviewed/updated

06/21/2019 by Chip Lenno, CIO/ISO