1 / 21

ACS Email Encryption

ACS Email Encryption. Project Sponsors. Chris Leach, Chief Information Security Officer Kevin R. Mitchell , Director of Encryption Services David McLaughlin , Manager Boundary Services Joan Burns , Program Manager for Encryption Services Business Information Security Officer. Slide 2.

raven-simmons
Download Presentation

ACS Email Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ACS Email Encryption

  2. Project Sponsors Chris Leach, Chief Information Security Officer Kevin R. Mitchell, Director of Encryption Services David McLaughlin, Manager Boundary Services Joan Burns, Program Manager for Encryption Services Business Information Security Officer Slide 2

  3. Agenda Overview of ACS Email Encryption Automated Email Encryption Rollout Examples of how Email Encryption Works Now Example of how Email Encryption Works After What business units need to do Impact to clients Slide 3

  4. ACS Email Encryption Overview Encryption of email is currently a manual process Users must place [PGP] in subject line ACS employees are sending 5.4 Million messages per week Consequences of Unencrypted Email Sent as plain text over the internet Anyone who can sniff network traffic can read it causing the data to be at risk If accidentally sent to incorrect person could constitute a reportable breach Slide 4

  5. Unencrypted Email Consequences Below is an example of several Credit Card numbers which were accidentally sent unencrypted. The average data breach cost is continuing to rise, growing 43% since 2005 to an average $197 per data record compromised.  This is a cost on average of $6.3 million per breach. – Ponemon Institute

  6. ACS Encryption Services • What has already been done to help? • Implemented a solution to encrypt email using [PGP] in subject line • What are we doing to make things easier? • Implementing scanning of sensitive data to reduce risk • Added Secure PDF delivery feature

  7. How Encrypted Email works now… Email is sent with [pgp] in the subject line

  8. How Encrypted Email works now… Email is received by Client

  9. How Encrypted Email works now… Email contains a link to the Web portal

  10. How Encrypted Email works now… Client logs onto the Web Portal and creates a passphrase

  11. How Encrypted Email works now… Email is reviewed on the Web Portal

  12. How Encrypted Email will work after the Rollout of Automated Email Encryption • ACS user will continue to send email with sensitive information using [PGP] in the subject line • Initially customer will receive an email with link to set up a passphrase so they may receive the email sent from ACS • After the client receives their first email they will not be required to setup a passphrase again • After Customer enters passphrase they will receive the original email that was sent by ACS, as a secure PDF. The PDF will be encrypted and can be opened using the passphrase they entered. • Any subsequent emails with [PGP] in the subject line will go directly to the customer as encrypted PDF which the customer can open using the passphrase they set up.

  13. How Encrypted Email will work after Email is sent but the ACS Employee forgets to put [pgp] in the subject line

  14. How Encrypted Email will work after Client receives the email

  15. How Encrypted Email will work after Client clicks on the pdf to view the email

  16. How Encrypted Email will work after Client enters their previously defined passphrase

  17. How Encrypted Email will work after The email message is displayed along with any attachments

  18. Advantages to the new delivery method • Secure PDF delivery will allow our customers to get their email locally to their mailbox • This allows each client to keep a copy of the encrypted email on their local computer for review each time they need to refer back to it. • Only login once to setup passphrase • Once the initial passphrase has been setup they will not need to login to the web portal unless they need to respond to the email securely.

  19. What Business Units Need To Do The appropriate ACS representative for each client, vendor, or business partner must: Inform clients, vendors, or business partners of the upcoming change Communicate any rollout exceptions (client domains or ACS email addresses) to Pat Elledge including: Clients, vendors, or business partners who do not want to receive encrypted email from ACS Any ACS email addresses that need to be exempted from the encryption rollout (ex: system automated process) Slide 19

  20. Impact to Clients Minimal impact as follows: First Time Users: First time Clients simply need to click on a link in the secured email and initially set up a passphrase on the web portal. Existing Users The encrypted email appears in their mailbox as a pdf attachment. The user will click on the attachment and enter their previously created passphrase. Note: There is a detailed Recipient Guide available for reference. Slide 20

  21. Questions

More Related