Published by Francesca Fussell
Modified over 2 years ago
© 2012 Boise State University

Slide 1: Information Security for Your Office
Created By OIT Information Security Services
http://oit.boisestate.edu/security/

Slide 2: Universities in the News!
- University of Idaho: 70,000 Donor Records
- University of Texas at Austin: 225,000 Student Records
- UCLA: 500,000 Student Records

Slide 3: University NOT in the News!
- Boise State University: Zero Lost Records So Far!
Go Broncos!

Slide 4: Information We Keep
Students, Faculty, Staff, Donors, Contractors
- Financial Records
- Grades
- Credit Card Information
- Health Care Information
- Addresses
- Phone Numbers
- Insurance Records
- Social Security Numbers
All Protected By Law!

Slide 5: Alphabet Soup
So Many Laws...
- FERPA
- HIPAA
- PCI-DSS
- GLBA
- SOX
- Red Flag Alerts
- Idaho Code §28-51-105 §28-51-

Slide 6: Alphabet Soup
- Information Technology Resource Use (8000): http://policy.boisestate.edu/wp-content/uploads/2011/05/8000_informationtechnologyresourceuse.pdf
- Information Privacy and Security (8060): http://policy.boisestate.edu/wp-content/uploads/2011/05/8060_InformationPrivacySecurity.pdf
- Cash Handling (6010): http://policy.boisestate.edu/wp-content/uploads/2011/05/6010_CashHandling.pdf

Slide 7: Alphabet Soup
What is PII?
Personally Identifiable Information
The One Acronym That Says it All!

Slide 8: Best Practices
- Know the Data Your Office Handles
  - Data Classification
- Know How to Safeguard the Data
  - Protecting Information

Slide 9: Best Practices: Data Classification
Method to identify the level of protection various kinds of information need or require
A rubric of three levels of sensitivity
- Level One - Private
- Level Two - Protected
- Level Three - Public
http://oit.boisestate.edu/security/it-security-policy-and-procedures/dataclassification/

Slide 10: Best Practices: Data Classification, Level One
Private information that must be protected as required by law, industry regulation, or by contract
Examples: Student or employee records; social security numbers; A numbers; grades; employee performance reviews; personnel files; personally identifiable information
Consequences of loss:
- Loss of funding
- Fines
- Bad Publicity
- Expose students, staff, contractors, donors to identity theft

Slide 11: Best Practices: Data Classification, Level Two
Protected information that may be available through Freedom of Information Act Requests to Examine or Copy Records, or Idaho's Open Records Law
Examples: Internal e-mails; meeting minutes; unit working & draft documents
Consequences of loss:
- Loss of funding
- Fines
- Bad Publicity
- Expose students, staff, contractors, donors to identity theft

Slide 12: Best Practices: Data Classification, Level Three
Public Information
Examples: Standard practice guides and policies; college plan; personal directory; maps; course catalog, public web page, press releases, advertisements, schedules of classes
Consequences of loss:
- Loss of personal data with no impact to the university
- Bad Publicity

Slide 13: Best Practices: Data Classification, How To
CIA: The Big Three of Information Security
- Confidentiality: the need to strictly limit access to data to protect the university and individuals from loss
- Integrity: data must be accurate and users must be able to trust its accuracy
- Availability: data must be accessible to authorized persons, entities, or devices
http://oit.boisestate.edu/security/it-security-policy-and-procedures/dataclassification/how2classdata/

Slide 14: Best Practices: Data Classification, How Can Data be Lost?
- Laptop or other data storage system stolen from car, lab, or office.
- Research Assistant accesses system after leaving research project because passwords aren't changed.
- Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer.
- Unsecured application on a networked computer is hacked and data stolen.

Slide 15: Best Practices: Data Classification, How To Protect Systems
Minimum Security Standard for Systems

Slide 16: Best Practices: Protecting Information
- Don't let personnel issues become security issues
- Control access to buildings and work areas
- If you print it, go get it right away
- Lock up sensitive information, including laptops
- Store sensitive information on file servers
- Shred it if you can
- Know Boise State Information Handling Policies

Slide 17: Best Practices: Protecting Information
- Use strong passwords
- Change passwords often
- Use different passwords on different systems
- Never share your password
- Password protect your screensaver
- Manually lock your screen whenever you leave your desk

Slide 18: Best Practices: Protecting Information
- Be sure your office computers' operating systems and anti-virus software are up-to-date
- Remind staff to never open unsolicited email from an unknown source or click on unfamiliar web addresses
- Follow computer salvage procedures, for disks, too!

Slide 19: Example of Poor Practices
The next two slides show articles from a local newspaper regarding an insurance agency just "Dropping Off" boxes full of personal records at a local recycling center. These boxes were left after hours when the recycling center was closed. The article states that it could have been an "Identity Thief's gold mine".

Slide 22: What to Do!
Know who to call!
- I think an office computer is infected, what do I do? Call the Help Desk @ 6-4357
- I think I lost the USB drive I used to take some sensitive files home to work on, what do I do? Call Information Security Services @ 6-5501

Slide 23: Information Security for Your Office
Incident Response Procedure

Information Security for Faculty and Researchers. Created By OIT Information Security Services.
Information Security on the Front Lines. Created By OIT Information Security Services.