Published by Francesca Fussell
Modified over 2 years ago
© 2012 Boise State University

Information Security for Your Office
Created By OIT Information Security Services

Universities in the News!
- University of Idaho: 70,000 Donor Records
- University of Texas at Austin: 225,000 Student Records
- UCLA: 500,000 Student Records

University NOT in the News!
- Boise State University: Zero Lost Records So Far!
Go Broncos!

Information We Keep
Students, Faculty, Staff, Donors, Contractors
- Financial Records
- Grades
- Credit Card Information
- Health Care Information
- Addresses
- Phone Numbers
- Insurance Records
- Social Security Numbers
All Protected By Law!

Alphabet Soup: So Many Laws...
- FERPA
- HIPAA
- PCI-DSS
- GLBA
- SOX
- Red Flag Alerts
- Idaho Code § §28-51-

Alphabet Soup
- Information Technology Resource Use (8000)
- Information Privacy and Security (8060)
- Cash Handling (6010)

Alphabet Soup: What is PII?
Personally Identifiable Information
The One Acronym That Says it All!

Best Practices
- Know the Data Your Office Handles: Data Classification
- Know How to Safeguard the Data: Protecting Information

Best Practices: Data Classification
A method to identify the level of protection various kinds of information need or require.
A rubric of three levels of sensitivity:
- Level One - Private
- Level Two - Protected
- Level Three - Public

Best Practices: Data Classification
Level One - Private
Information that must be protected as required by law, industry regulation, or by contract.
Examples: student or employee records; Social Security numbers; A numbers; grades; employee performance reviews; personnel files; personally identifiable information.
Consequences of loss:
- Loss of funding
- Fines
- Bad publicity
- Expose students, staff, contractors, donors to identity theft

Best Practices: Data Classification
Level Two - Protected
Information that may be available through Freedom of Information Act Requests to Examine or Copy Records, or Idaho's Open Records Law.
Examples: internal e-mails; meeting minutes; unit working and draft documents.
Consequences of loss:
- Loss of funding
- Fines
- Bad publicity
- Expose students, staff, contractors, donors to identity theft

Best Practices: Data Classification
Level Three - Public
Public information.
Examples: standard practice guides and policies; college plan; personal directory; maps; course catalog; public web page; press releases; advertisements; schedules of classes.
Consequences of loss:
- Loss of personal data with no impact to the university
- Bad publicity

Best Practices: Data Classification - How To
CIA: The Big Three of Information Security
- Confidentiality: the need to strictly limit access to data to protect the university and individuals from loss
- Integrity: data must be accurate and users must be able to trust its accuracy
- Availability: data must be accessible to authorized persons, entities, or devices

Best Practices: Data Classification - How Can Data be Lost?
- Laptop or other data storage system stolen from car, lab, or office.
- Research Assistant accesses system after leaving research project because passwords aren't changed.
- Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer.
- Unsecured application on a networked computer is hacked and data stolen.

Best Practices: Data Classification - How To Protect Systems
Minimum Security Standard for Systems

Best Practices: Protecting Information
- Don't let personnel issues become security issues
- Control access to buildings and work areas
- If you print it, go get it right away
- Lock up sensitive information, including laptops
- Store sensitive information on file servers
- Shred it if you can
- Know Boise State Information Handling Policies

Best Practices: Protecting Information
- Use strong passwords
- Change passwords often
- Use different passwords on different systems
- Never share your password
- Password protect your screensaver
- Manually lock your screen whenever you leave your desk

Best Practices: Protecting Information
- Be sure your office computers' operating systems and anti-virus software are up-to-date
- Remind staff to never open unsolicited e-mail from an unknown source or click on unfamiliar web addresses
- Follow computer salvage procedures, for disks, too!

Example of Poor Practices
The next two slides show articles from a local newspaper regarding an insurance agency just "dropping off" boxes full of personal records at a local recycling center. These boxes were left after hours when the recycling center was closed. The article states that it could have been an identity thief's gold mine.

What to Do! Know who to call!
- I think an office computer is infected, what do I do? Call the Help
- I think I lost the USB drive I used to take some sensitive files home to work on, what do I do? Call Information Security Services

Information Security for Your Office
Incident Response Procedure