full disk encryption
play

Full Disk Encryption Larry Carson, Associate Director, Information - PowerPoint PPT Presentation

Jul 20, 2023 •239 likes •426 views

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What Security Really Looks Like at UBC New s-w orthy Security I ncidents UBC Laptop Loss & UVic Loss of 11,845 VGH Loss of 450 medical Recovery with

  1. Full Disk Encryption Larry Carson, Associate Director, Information Security Management

  2. What Security Really Looks Like at UBC

  3. New s-w orthy Security I ncidents UBC Laptop Loss & UVic Loss of 11,845 VGH Loss of 450 medical Recovery with 50,000 records via Resident laptop employee records incl. records banking info & USB drive S tolen from vehicle S tolen USB stick L ost/stolen at Toronto airport (Feb 2012) (Jan 2012) (Late Sep 2011) Human Resources and Canada’s Privacy Elections Ontario ~2.4 Skills Development (HRSD) Commissioner’s Office 800 million voter records lost 583,000 student Loan employee records (2) Unencrypted USB sticks records lost external hard drive (Apr 2012) lost external hard drive (Feb 2014) (Jan 2013) BC Ministry of Education UBC Loss of 160 student Loss of 3.4 million student records records TA Laptop stolen from campus External hard drive missing (Oct 2015) (Sep 2015)

  4. Definition of Personal Information “recorded information about an identifiable individual , not including contact information” Contact information: “ information to enable an individual at a place of business to be contacted , including the name, position name or title, business telephone number, business address, business email or business fax number of the individual” 4

  5. 10 Things You Must Know about Privacy 1. You must be able to identify personal information 2. Your regular work activities are not private 3. Embarrassment is not a valid reason to withhold records 4. Use privacy notifications to collect personal information 5. Retain personal information for at least one year 6. Disclose personal information on a “need to know” basis 7. Protect personal information using reasonable security 8. Don’t store personal information outside Canada 9. Report privacy breaches promptly 10. Do privacy impact assessments for new projects 5

  6. UBC Recent Stats on Thefts ( 2 0 1 5 ) Thefts of Devices Storing UBC Data 16 15 14 13 4 12 11 10 9 0 Encrypted 8 Unencrypted 7 6 11 5 2 9 4 3 2 2 4 1 0 2 1 0 0 0 0 0 0 0 May June July August September October November December

  7. Policies, Procedures, Standards & Guidelines Lower Detail Policies Must Comply Procedures Standards Guidelines Recommended Greater Detail

  8. UBC Policies & Standards #104 Acceptable Use and Security of UBC Electronic Information and Systems (June 2013) http://cio.ubc.ca/securitystandards (11) Management & Technical (10) Standards for All Users Standards

  9. 2 1 Standards I ncl. Cryptographic Controls Cryptographic Encryption Requirements Controls Mandatory Mobile Device Strong Passwords or Key Escrow Encryption Passphrases Portable Laptop Smartphone/ Storage FDE Tablet Devices

  10. Device Encryption: What to Encrypt Encrypt Laptops – UBC provides a commercial solution at no cost • Encrypt High risk desktops/servers Encrypt Storage Devices Encrypt Smartphones/Tablets Encrypt Personally owned devices if they contain UBC Personal Information (PI)

  11. Device Encryption: Who does it apply to? Faculty Staff (TA’s & GRA’s incl.) All UBC employees who handle PI

  12. Tools • Windows & Mac • Manages local FileVault on Mac McAfee • Manages local Bitlocker on Windows • Original pilot was 1000 seats Symantec • Was used for Windows, Mac and Linux PGP • Is now on hiatus

  13. Devices To be encrypted • Laptops – all with PI • Desktops that are high risk (traffic, data, etc.) Exemptions • Eligible: laptops that do not/will not contain PI. e.g. certain research lab computers

  14. Other Considerations Don’t keep more data than you need on mobile devices • Delete records that aren’t needed • Backup old class lists to network shares and delete them from the device • Delete Columns/Attributes that aren’t needed – especially high sensitivity PI (PHI, SIN, DoB, etc.) Don’t store class lists in the cloud (e.g. DropBox, Google, etc.) • Use Workspace 2.0 – the data stays in Canada (at UBC)

  15. I m pacts Breach notification Fines of up to $500,000 Costs to the Dept Reputation damage Grants

  16. A Parting Note on Reality vs. What we Think HTTP :// XKCD . COM /538/

  17. Contact Larry Carson, Associate Director, Information Security Management larry.carson@ubc.ca 604.822.0773 Twitter: @L4rryC4rson

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020

Close lid to encrypt Hard disk encryption in Linux suspend mode Tim Dittler FOSDEM, 02.02.2020 Whats Close lid to encrypt? Project by Jonas Meurer and me Freelancing systems engineers living in Germany Full-disk encryption

397 views • 16 slides
Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to use Mandos? 1. Physical/bare metal hardware? 2. More than just one physical machine? 3. Want to use full-disk encryption? You should use Mandos!

559 views • 11 slides
Evil Maid Just Got Angrier Why Full-Disk Encryption With TPM is Insecure on Many Systems Yuriy

Evil Maid Just Got Angrier Why Full-Disk Encryption With TPM is Insecure on Many Systems Yuriy

Evil Maid Just Got Angrier Why Full-Disk Encryption With TPM is Insecure on Many Systems Yuriy Bulygin (@c7zero) CanSecWest 2013 Outline 1 UEFI BIOS Outline 1 UEFI BIOS 2 Measured/Trusted Boot Outline 1 UEFI BIOS 2 Measured/Trusted Boot 3 The

906 views • 90 slides
What's this about? A discussion about modern disk encryption systems Who am I? Jacob

What's this about? A discussion about modern disk encryption systems Who am I? Jacob

What's this about? A discussion about modern disk encryption systems Who am I? Jacob Appelbaum Some guy with great hair from Sunny Warm Never Foggy San Francisco, California, Freedom Land USA Come visit! It's fun to get finger

776 views • 38 slides
A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and Seth Terashima Portland State University Motivation: Full Disk Encryption File System Virtual Disk (Exposes plaintexts) FDE Physical Disk

1.24k views • 59 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
Making sure data is lost. Spook strength encryption of on-disk data. Poul-Henning Kamp The

Making sure data is lost. Spook strength encryption of on-disk data. Poul-Henning Kamp The

Making sure data is lost. Spook strength encryption of on-disk data. Poul-Henning Kamp The FreeBSD Project <phk@FreeBSD.org> A line in the sand Before operation Desert Shield/Storm, Air Chief Marshal Patrick Hine briefed

554 views • 30 slides
Making sure data is lost. Spook strength encryption of on-disk data. Poul-Henning Kamp The

Making sure data is lost. Spook strength encryption of on-disk data. Poul-Henning Kamp The

Making sure data is lost. Spook strength encryption of on-disk data. Poul-Henning Kamp The FreeBSD Project <phk@FreeBSD.org> A line in the sand Before operation Desert Shield/Storm, Air Chief Marshal Patrick

431 views • 27 slides
Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van Oorschot askillen@ccsl.carleton.ca Carleton Computer Security Lab Carleton University Ottawa, Canada SPSM 2013, Berlin, Germany November 8, 2013 The

488 views • 28 slides
Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

Disk Management Disk Structure Disk Scheduling RAID Disk Block Management

CPSC 410 / 611 : Operating Systems Disk Management Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Modern Secondary Storage Technologies Disk Management Disk Structure Disk Scheduling RAID

555 views • 18 slides
CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID

CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID

CPSC 410 / 611 : Operating Systems Disk Management CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Reading: Silberschatz Chapter 12 Disk Structure sector cylinder

620 views • 13 slides
Today How is data saved in the hard disk? Magnetic disk Disk speed parameters Disk

Today How is data saved in the hard disk? Magnetic disk Disk speed parameters Disk

Today How is data saved in the hard disk? Magnetic disk Disk speed parameters Disk Scheduling RAID Structure 1 CS 4410 Operating Systems Mass-Storage Structure Summer 2013 Cornell University 2 Secondary Storage Save

661 views • 26 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block

CPSC 410 / 611 : Operating Systems Disk Management CPSC 410/611: Disk Management Disk Structure Disk Scheduling RAID Disk Block Management Reading: Doeppner 6.1, 6.4 (more to follow, on File Systems) Disk Structure sector

367 views • 13 slides
Disk Storage Disk Storage Different types of disk storage: The smallest addressable unit

Disk Storage Disk Storage Different types of disk storage: The smallest addressable unit

Disk Storage Disk Storage Different types of disk storage: The smallest addressable unit on a disk storage is a block . Hard disks The size of a block is usually 512 bytes. Mountable disk Non-mountable disk - Winchester disk

546 views • 10 slides
Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and

Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and

Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and Configurations RAID File Systems Rotational Media Disk storage Generic term used to describe storage where data is digitally recorded by

619 views • 37 slides
Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary Webinar From healthsystemCIO.com Sponsored by Proofpoint Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Slide Deck:

468 views • 22 slides
Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT

Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT

Efficient and Secure Cloud Based Healthcare Systems for the Storage of Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT What We Will Cover Today Introduction and Motivation Introduction

472 views • 44 slides
Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri Overview What data needs to be protected, what

407 views • 18 slides
Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc.

Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc.

Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc. Supervisor: F. Turkmen PhD February 6, 2017 University of Amsterdam Introduction Problem Securely storing BigData on NoSQL database systems.

669 views • 48 slides
Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal

Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal

Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal Shebaro Shebaro (Computer Science (Computer Science- - UNM) UNM) Bilal Jedidiah R. Crandall R. Crandall (Computer Science (Computer Science- -

464 views • 33 slides
Project UltiMatrix Tarun Pondicherry Michael Navara Katrina Pizarro Alex Rodriguez Aaron Schaff

Project UltiMatrix Tarun Pondicherry Michael Navara Katrina Pizarro Alex Rodriguez Aaron Schaff

Project UltiMatrix Tarun Pondicherry Michael Navara Katrina Pizarro Alex Rodriguez Aaron Schaff Overview Requirements Responsibilities Schedule Encryption Algorithm C+ + Function Overview Function Algorithms Final

572 views • 38 slides
t t rt t t tt

t t rt t t tt

Prs rs rt t tt s t r t t

686 views • 52 slides
LAMP L EARN, A SSESS, M ANAGE, P REVENT A Digital Therapeutic Relationship? Multiple Streams of

LAMP L EARN, A SSESS, M ANAGE, P REVENT A Digital Therapeutic Relationship? Multiple Streams of

LAMP L EARN, A SSESS, M ANAGE, P REVENT A Digital Therapeutic Relationship? Multiple Streams of Data Physical Activity Activity Symptom Surveys Symptoms Cognitive Testing Environment Time Stamps Geo-Location / GPS Patient / Person Facing

342 views • 9 slides

More recommend