5. Device Encryption
What is the percentage of laptop and desktop computers under my control for which full disk encryption is in place?
Why is this Essential?
Encryption is the process of making information unreadable to protect it from unauthorized access. After information has been encrypted, a secret key or password is needed to unencrypt it and make it readable again. It enables to preserve confidentiality and integrity of UBC Electronic Information so that the information is protected from unauthorized access. Further, BC's Privacy Commissioner has indicated repeatedly that encryption of mobile device with personal information is necessary to achieve reasonable security measures, effectively making this a legal requirement.
Reference Links
Encryption RequirementsInstructions
In order to properly answer this question, it is essential that an up-to-date inventory of laptops and desktops is maintained. Encryption requirements apply to Devices, whether UBC-supplied or personally-owned, that are used to access UBC Electronic Information and Systems, or store UBC Electronic Information. Further, UBC’s minimum encryption standard is AES-128 bit encryption or equivalent; AES-256 bit encryption is recommended.
What is Acceptable?
One of the following:
- Inventory of workstations (sccm and jamf, etc.) with encryption requirements applied to devices.
- Newly procured devices through UBC IT are encrypted by default.