Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.

Published byMatthew Quinn Modified over 10 years ago

Similar presentations

Presentation on theme: "Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico."— Presentation transcript:

1 Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico

2 Secure IT 2005 – Panel Discussion Agenda CCC 1798.29 Review SDSU Overview UCSD Overview CSU Chico Overview Common Questions Questions From Attendees

3 Secure IT 2005 – Panel Discussion California Civil Code 1798.29 AKA SB1386, California Database Notification Act http://www.leginfo.ca.gov/calaw.htmlhttp://www.leginfo.ca.gov/calaw.html (check civil code box, type 1798.29) http://www.leginfo.ca.gov/calaw.html Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

4 Secure IT 2005 – Panel Discussion Personal information : individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (last four SSN + DOB, TAX ID) (1) Social security number. (last four SSN + DOB, TAX ID) (2) Driver's license number or California Identification Card number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit required security code, access code, or password that would permit access to an individual's financial account (ACH). access to an individual's financial account (ACH). Breach of the security of the system..Reasonably believed to have been: unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency.

5 California Civil Code 1798.29 …continued The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law Enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of The data system…

6 Secure IT 2005 – Panel Discussion Resident of California: Unencrypted: Most expedient time possible and without unreasonable delay: Needs of law Enforcement : will impede a criminal investigation….the law enforcement agency determines that it will not compromise the investigation Any measures necessary to determine the scope of the breach: Restore the reasonable integrity:

7 Secure IT 2005 – Panel Discussion SDSU Overview Felecia Vlahos, ISO Felecia Vlahos, ISO Feb 24/March 16-22 2004 Feb 24/March 16-22 2004 Financial aid file server+19 others Financial aid file server+19 others Unpatched faculty system/Internal password attack Unpatched faculty system/Internal password attack Sending spam and downloading music Sending spam and downloading music FAFSA applicants up to 10 years prior FAFSA applicants up to 10 years prior SSN/DOB SSN/DOB Managed by IT Security Office Managed by IT Security Office 206,876 notified 206,876 notified $187,254 $187,254

8 Secure IT 2005 – Panel Discussion UCSD Overview Sally Brainerd, Associate Controller Sally Brainerd, Associate Controller April 16 – 18, 2004 April 16 – 18, 2004 EFT (Financial Aid), 2 Scan Stations & a Check Process Station EFT (Financial Aid), 2 Scan Stations & a Check Process Station Non- encrypted files, stranded images and stored cached check data Non- encrypted files, stranded images and stored cached check data FTP Servers installed FTP Servers installed Students, applicants, staff, faculty, parents Students, applicants, staff, faculty, parents SSN, DL, Bank (Checking account) SSN, DL, Bank (Checking account) Office of the Controller/BFS Systems Office of the Controller/BFS Systems Announced 380k, actual 364k, notified 322k Announced 380k, actual 364k, notified 322k $204,000 $204,000

9 Secure IT 2005 – Panel Discussion CSU Chico Overview Brooke Banks, ISO Brooke Banks, ISO Feb 16/March 14-16 2005 Feb 16/March 14-16 2005 Housing office server Housing office server Web/File/Print server with unencrypted historical records Web/File/Print server with unencrypted historical records Root kit and FTP server installed, scans of other servers Root kit and FTP server installed, scans of other servers ID card file - faculty, staff and students (Name, SSN) ID card file - faculty, staff and students (Name, SSN) Housing database – prospective students, as well as residents for last 5 years (Name, SSN, contact information) Housing database – prospective students, as well as residents for last 5 years (Name, SSN, contact information) Managed by IT Security Office Managed by IT Security Office 59,268 notified via e-mail and/or postal mail 59,268 notified via e-mail and/or postal mail Cost TBD Cost TBD

10 Secure IT 2005 – Panel Discussion FAQ 1. What security measures were in place to prevent incident? What changed afterward?

11 Secure IT 2005 – Panel Discussion FAQ 2. Was law enforcement contacted? Able to identify hacker?

12 Secure IT 2005 – Panel Discussion FAQ 3. Discuss interpretation of CCC 1798.29 most expedient and process used to produce notifications (letters/web/emails)

13 Secure IT 2005 – Panel Discussion FAQ 4. Reaction from University staff/faculty/students?

14 Secure IT 2005 – Panel Discussion FAQ 5. What volume and types of calls/emails/letters/media received after notification?

15 Secure IT 2005 – Panel Discussion FAQ 6. What types and values of cost were incurred?

16 Secure IT 2005 – Panel Discussion Questions from Attendees

Download ppt "Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico."

Similar presentations

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
Getting Legal: Building the ISO/Legal Counsel Relationship through GLB Dr. Dan Manson Cal Poly Pomona

Getting Legal: Building the ISO/Legal Counsel Relationship through GLB Dr. Dan Manson Cal Poly Pomona
HOW TO RESPOND TO A DATA BREACH: ITS NOT JUST ABOUT HIPAA ANYMORE The Fourteenth National HIPAA Summit March 29, 2007 Renee H. Martin, JD, RN, MSN Tsoules,

HOW TO RESPOND TO A DATA BREACH: ITS NOT JUST ABOUT HIPAA ANYMORE The Fourteenth National HIPAA Summit March 29, 2007 Renee H. Martin, JD, RN, MSN Tsoules,
COMPLETING THE 2012- 13 FREE APPLICATION FOR FEDERAL STUDENT AID (FAFSA) Presented by: Student Support Services and the Financial Aid Office at HCC 1.

COMPLETING THE FREE APPLICATION FOR FEDERAL STUDENT AID (FAFSA) Presented by: Student Support Services and the Financial Aid Office at HCC 1.
Richmond House, Liverpool (1) 26 th January 2004.

Richmond House, Liverpool (1) 26 th January 2004.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.

Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.
Sensitive Data Exposure Risks & Response at Indiana University

Sensitive Data Exposure Risks & Response at Indiana University
IAPP Seminar, June 11, 20041 CA Privacy Law: Resources & Protections Dana F. Winterrowd, Staff Counsel California Department of Consumer Affairs.

IAPP Seminar, June 11, CA Privacy Law: Resources & Protections Dana F. Winterrowd, Staff Counsel California Department of Consumer Affairs.
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
FERPA (Oops, can I say that?) Online Tutoring Training Workshop The Learning Center The University of Louisiana-Lafayette.

FERPA (Oops, can I say that?) Online Tutoring Training Workshop The Learning Center The University of Louisiana-Lafayette.
FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference Joan Wilson Asst Attorney General State of Alaska

A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference Joan Wilson Asst Attorney General State of Alaska
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
Presented by: Roberta Ward CDHS Privacy Officer Phone: (916) 440-7750 www.dhs.ca.gov/privacyoffice.

Presented by: Roberta Ward CDHS Privacy Officer Phone: (916)
Identity Theft. MIS Training Institute, Inc.Section X - Slide 2CS1 053 ©Network Security Services, LLC Outline n Definitions n Methods used n Ways to.

Identity Theft. MIS Training Institute, Inc.Section X - Slide 2CS1 053 ©Network Security Services, LLC Outline n Definitions n Methods used n Ways to.
Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.
Responding to a Data Security Breach

Responding to a Data Security Breach

Similar presentations

Ads by Google