...
- Boot Disk Encryption
Scenario:
Mobile systems such as laptops are highly susceptible to theft and frequently contain valuable data. Boot disk encryption requires the key in order to start the operating system and access the storage media. In this scenario the operating system is removed as a vector for attack in the event of physical compromise. Boot disk encryption is typically implemented in conjunction with full disk encryption.
Product(s):
BitLocker, Symantec Endpoint Encryption, PGP Desktop, TrueCrypt*
OS-Integrated Product(s):
BitLocker
Preferred Product(s):
Symantec Endpoint Encryption
- Email Encryption
Scenario:
Email-specific products integrate encryption into the email client, allowing messages and attachments to be sent in an encrypted form transparent to the user. This is most appropriate for departments whose users require frequent and regular encryption of email communications. Most departments can make use of a broader range of file/folder encryption products to encrypt individual files and folders.
Product(s):
PGP Desktop
- External Devices Encryption
Scenario:
External devices such as hard drives, DVDs, CDs and USB flash drives can be encrypted in their entirety. Data on these systems can be considered secure without access to the key and encryption software.
Product(s):
Cryptainer LE, PGP Desktop, TrueCrypt*
- File Encryption
Scenario:
Individual or multiple files can be encrypted separately from the host operating system. These encrypted archives can be stored in different locations such as network shares or external hard drives, or be transmitted securely via email.
Product(s):
7-Zip, Cryptainer LE, Disk Images, EFS, FileVault, PGP Desktop, TrueCrypt*, WinZip, WinSCP
OS-Integrated Product(s):
Disk Images, EFS, FileVault
- Folder Encryption
Scenario:
Folders containing data can be encrypted separately from the host operating system. These encrypted archives can be stored in different locations such as network shares or external hard drives, or be transmitted securely via email.
Product(s):
7-Zip, Cryptainer LE, Disk Images, EFS, FileVault, PGP Desktop, TrueCrypt*
OS-Integrated Product(s):
Disk Images, EFS, FileVault
- Full Disk Encryption
Scenario:
Full disk encryption encrypts all data on a system, including files, folders and the operating system. This is most appropriate when the physical security of the system is not assured. Examples include traveling laptops or desktops that are not in a physically secured area.
Product(s):
BitLocker, Symantec Endpoint Encryption, PGP Desktop, TrueCrypt*
Preferred Product(s):
PGP Whole Disk Encryption
- Mobile Device Encryption
Scenario:
Mobile devices such as PDAs and smartphones allow users to exchange, transfer and store information from outside of the office. The extreme portability of these devices renders them susceptible to theft or loss. ISS/C recommends the use of standardized devices such as laptops for storing, transmitting or processing Sensitive Data.
Product(s):
BlackBerry Content Protection (BlackBerry Content Protection is not available on all BlackBerry devices), iPhone Encryption
- Transport-Level Encryption
Scenario:
Secure transport client/server products provide transport-level encryption to protect data in transit between the sender and recipient in order to ensure delivery without eavesdropping, interception or forgery. This scenario requires the appropriate configuration of a server in order to allow clients to connect in a secure manner.
Product(s):
FileZilla, PSFTP, SCP, WinSCP
...
(Satisfies ISO 27002 10.8.4, 10.9.1, 10.9.2, 12.2)