Based on the following information, assess where and when cryptography is needed within a typical IT infrastructure to be in compliance with policies and laws.
Data and information are important assets of Richman Investments. These assets must be protected from loss of integrity, confidentiality, or availability and must be in compliance with Richman's policies and state and federal laws.
Data classification: Confidential. This refers to highly sensitive data, such as client records; employee ID numbers; and personnel records, intended for limited and specific use by a workgroup, department, or group of individuals with a legitimate need-to-know. This data classification has a high level of sensitivity.
Richman's security policy statements for confidential data are as follows:
▪ When the data is stored on mobile devices and media, protections and encryption mechanisms must be employed.
▪ The data must be stored in a locked drawer, room, or an area where access is controlled by a guard, cipher lock, or a card reader. The area must have sufficient physical access control measures to afford adequate protection and prevent unauthorized access by visitors or other persons without a need-to-know.
▪ The data must be strongly encrypted when transferred electronically to any entity outside of Richman Investments.
1. Cryptography is needed for mobile devices and media, as well as protections and encryption on any company systems and hardware.
2. The data stored in locked drawers, rooms, or areas where access is controlled by a guard, cipher lock, or a card reader is a key area where cryptography is needed, as access to these areas must be restricted from any unauthorized personnel. Any secured or guarded restricted area is required to have physical access control measures to allow for protection and to prevent any unauthorized access by anyone not holding the proper credentials to be in the secured area.
3. All data