• No results found

Information Sharing Protocols (IL1 to IL3) Classification & Encryption Method Using 7 Zip Software

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Information Sharing Protocols (IL1 to IL3) Classification & Encryption Method Using 7 Zip Software"

Copied!
10
0
0

Loading.... (view fulltext now)

Download now ( 10 Page )

Full text

(1)

Information Sharing Protocols (IL1 to IL3)

Classification & Encryption Method

(2)

Classifying Information

How does the information author/owner decide what the correct classification should be?

Any information sent out in an email should be risk-assessed in terms of its confidentiality and the impact resulting from that information being released to unauthorised persons.

The diagram in APPENDIX A outlines the questions an information author/owner should ask in order to determine what classification to apply.

Electronic Transmission

Information transmitted across public networks (e.g. the Internet) within the UK or across any networks overseas should be encrypted using an approved system (7 Zip or Secure FTP transmission). Local user guidelines should identify appropriate encryption methods for various types of information. In all emails containing IL1 to 3 type data please quote the IL rating at the end of the subject line.

Encrypting your files (using 7-zip)

To increase the level of security, you are required to encrypt IL1 to IL3 data before sending it via email. Encryption is a software tool that uses "scrambling" to make data unreadable. Once a message is encrypted, it will appear as a meaningless garble of characters to anyone except the person who has the password to unscramble it.

To help you decide whether you need to encrypt any files before sending them, look at the three questions below. If you answer ‘yes’ to any of them then you should use password protection and encryption.

For example:

• Do you have data that could cause damage to the Council if it fell into the wrong hands? • Are there documents on your computer that are strictly confidential?

• Do you send and receive email messages containing confidential information?

Encrypting a file using 7-zip

To encrypt a file you will need the 7–zip software installed on your machine. You can obtain the software by ringing the HITS help desk (x2000). Once 7-zip is installed onto your computer you can use it to encrypt your files:

• Launch 7-zip using the Start menu (Start - All Programs - 7-zip - 7-zip file manager). • In the 7-zip file manager locate the file that you want to encrypt.

(3)

• Once you have located the file you want to encrypt, select it by clicking it once.

(4)

• This will open a new window called 'Add to Archive.'

• At the top of the left column change the 'Archive Format' to 'Zip' using the drop-down menu.

• At the bottom of the right column check that the 'Encryption method' says 'AES-256.' • Above it, type your chosen password into the 'Enter password' text box.

(5)

• Directly beneath it, re-enter your password into to the 'Re-enter password’ text box. • Please make sure that the ‘show password’ field is NOT ticked.

(6)

• Back in the file manager you can now see the encrypted and zipped file. You can identify it by its icon, which is of a

folder with a zip through it. You may need to use Ctrl + R to refresh the screen

(7)

Opening an encrypted file

To open an encrypted file using 7-zip:

• In the email message window right click the zipped attachment.

• Choose the ‘save as’ option and save it to your desired location on your computer. Click 'Save.' • Close the email message window.

• Open 7-zip using the Start menu. This will open the 7-zip file manager. • Browse for your encrypted file using the drop down list of file locations.

• Once you have located your file double click it to open the folder.

(8)

• At this point you will be asked to enter the password assigned to the encryption process. Enter the password and click

'OK.'

• The document should open.

Best Practice for Password Setting:

• Make passwords hard to guess (8-12 characters in length, alphanumeric with at least one capital letter and at least

one symbol include some special characters like ^%$£).

• NEVER send out passwords in the same email as the encrypted file(s). • Always confirm the identity of the recipient before releasing passwords. • Inform recipients of passwords either face to face or by telephone.

(9)

APPENDIX A

Information Asset

RESTRICTED (IL3) INFORMATION CLASSIFICATION SCHEME

National Security implications

N

Y

Likely to risk any party’s personal safety

N

Likely to require active management to meet expected levels of service

N

Likely to result in undermined confidence in the service provider generally

N

Likely to cause a loss of up to £1 million

N

Likely to cause significant financial loss to any party (eg loss of £10K for an individual or sole trader; loss of £100K for a larger business or

organisation)

N

Likely to cause prolonged distress for an individual citizen, or short-term distress to many citizens

N

Likely to cause loss of reputation for an individual citizen or organisation

N

Risk to any party’s personal safety (eg compromise of an address of vulnerable person which is likely to put them at a moderate risk)

N

Authority-wide disruption, compromise or flawed working of services which could pose an increased risk to health (eg spread of disease)

N

Cancellation of multiple services to a number (up to 1000) of citizens leading to financial losses (up to £10K)

N

Significant incident to which a Local Authority is not able to react within 24 hours which affects a large number of citizens/local businesses (eg

significant flooding, fire, contamination, explosion)

Y Y Y Y Y Y Y Y Y Y Y N Go to next page

Likely to hinder the detection, impede the investigation or facilitate the commission of low-level crime; or hinder the detection of serious crime

(as defined in Legislation) N

Likely to cause a low-level criminal prosecution to collapse or cause a conviction for a low-level criminal offence to be declared unsafe or

referred to appeal N

Y

(10)

Likely to cause discomfit to an individual

Likely to impact on the provision of service for one or many citizens

Likely to reduce one or many citizens’ perception of the service

Likely to cause a financial loss to the Public Sector of up to £10K

Likely to cause a financial loss to any party (eg £100-£1000 for an individual or sole trader; £1000-£10K for a larger business or

organisation)

Likely to cause short-term discuss to an individual citizen

Likely to cause embarrassment to an individual citizen or organisation Risk to any party’s personal safety (eg compromise of an address of

vulnerable person which is likely to put them at a low risk)

Disruption, compromise or flawed working of a local service which could pose a risk to health

Cancellation of services to a number (10-100) of citizens (eg closure of a library or other facility)

Isolated or minor incident to which a Local Authority is not able to react within a few days which affects a number of citizens/local businesses

Other internal documentation

Unclassified (IL0)

/ No Marking

PROTECT (IL1 and IL2)

Y

Documentation specifically created for external publication or is in Council's FOI publication scheme

N N

N

Likely to cause substantial disruption or shutdown of Council operations N N N N N N N N N

Likely to damage the Council’s operational security or effectiveness or seriously impede Council policies

N

May cause minor inconvenience to an individual citizen (eg short delay in applying for a non-essential service)

N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y

References

Download now ( PDF - 10 Page - 473.66 KB )

Related documents

Institute of Dental and Craniofacial Research, National Institutes of Health, 2000.

Planning for the 1999 Iowa Oral Health Survey began in the spring of 1999 and included personnel from the Dental Health Bureau of the Iowa Department of Public Health,

Expiratory and inspiratory cries detection using different signals' decomposition techniques

Different signal decom- position techniques such as wavelet packet transform (WPT) and empirical mode decomposition (EMD) have been examined for the features extraction phase.. The

Human Capital Composition, Growth and Development in an R&D Endogenous Growth Model

Thus the model accounts for human cap- ital composition, in the sense that only high-tech human capital participate in R&D activities and predicts a positive relationship

The effect of baryons on the inner density profiles of rich clusters

from projected mass profiles, which they estimated using strong and weak lensing data, together with the surface brightness and resolved stellar kinematics of the BCGs in a sample

The Challenge of Articular Cartilage Repair : Studies on Cartilage Repair in Animal Models and in Cell Culture

All animal models used in this study, i.e., the porcine, lapine and equine model, demonstrated that subchondral bone defects are associated with cartilage defects and

An Introduction to the RSA Encryption Method

A public-key system means the algorithm for encrypting a message is publicly known but the algorithm to decrypt the message is only privately known (by the person who set up

Encryption. Introduction to using 7-Zip

In this example you will encrypt a single file into a self-extracting archive which means that the recipient will not need to have 7-Zip installed on their PC.. Right-click on the

A understanding of cellular morphogenesis is likely to

We were surprised that at the highest con- centration no effect was observed on the rate of assembly when the free tubulin pool should have been significantly