ENISA issues recommendations for securing data using cryptography
Posted on 04 November 2013.
ENISA, the European Union’s “cyber security” Agency, launched a report recommending that all authorities should better promote cryptographic measure to safeguard personal data.


The report addresses ways to protect sensitive and/or personal data that has been acquired legitimately. The clear link between privacy and cryptography is underlined, demonstrating how the latter can play a role in protecting personal data and safeguarding legitimately collected sensitive or confidential data.

The report presents a mapping of security requirements for personal data and basic cryptographic techniques. It is noteworthy that information security measures and mechanisms can be deployed for the protection of personal data. However, information security does not cover all the issues regarding personal data protection and privacy.

Indeed, personal/sensitive data requires different protection measures in different stages of the lifecycle. Therefore, the report presents a short version of such a lifecycle description. The report also identifies security measures and an introduction to basic cryptographic techniques.

The report is complemented with a set of technical recommendations for algorithms, key sizes, parameters and protocols. The target audiences of these recommendations are system developers and maintenance engineers in commercial environments who are faced with the need to deploy or replace protective measures for data.

Amongst the top three findings and recommendations are:
  • The cryptographic measures are only one piece of a puzzle when referring to privacy and data protection. However, cryptographic measures can provide an important layer of protection for data protection, which may reduce the impact of breaches. The relevant stakeholders (Data Protection Authorities, EU Member States authorities, and service providers) should recommend users and others to implement security measures for protecting personal data, as well as rely on state-of-the-art solutions and configurations for this purpose.
  • Specialised personnel are needed for the correct implementation of updated cryptographic protective measures.





Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it’s our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //