Disk Encryption Procedure
This procedures document outlines how Information Technology will deploy disk encryption to secure campus information assets.
These procedures apply to all CSU Monterey Bay and CSU Monterey Bay auxiliary departments/units.
Disk encryption is software/technology that is used to protect Sensitive Data from unauthorized access or viewing. This is accomplished by employing encryption algorithms so that every bit of data is stored in an unreadable format except by users with credentials to decrypt the file or disk.
It is the responsibility of departments storing sensitive data to request disk encryption for those workstations/laptops where Level 1 data is stored. It is recommended that Level 1 data only be stored outside the system of record when required and that all sensitive data be deleted when no longer needed on that device.
Information Technology performs an annual Sensitive Data Inventory and will use the results of that inventory to contact departments indicating that they are storing sensitive data in order to verify the need to store Sensitive Data and that it is being appropriately secured. As needed Information Technology will enable/install necessary software in order to encrypt workstations/laptops.
Additional Security Measures
In addition to disk encryption, Information Technology may also recommend the installation and regular scanning of workstations of Identity Finder in departments processing Sensitive Data in order to verify the regular removal of unneeded Sensitive Data.
The University Chief Information Officer/Information Security Officer shall conduct an annual review of the Disk Encryption Procedures to ensure that it remains appropriate and relevant.
06/21/2019 by Chip Lenno, CIO/ISO