Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.

Similar presentations


Presentation on theme: "Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico."— Presentation transcript:

1 Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico

2 Secure IT 2005 – Panel Discussion Agenda CCC Review SDSU Overview UCSD Overview CSU Chico Overview Common Questions Questions From Attendees

3 Secure IT 2005 – Panel Discussion California Civil Code AKA SB1386, California Database Notification Act (check civil code box, type ) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

4 Secure IT 2005 – Panel Discussion Personal information : individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (last four SSN + DOB, TAX ID) (1) Social security number. (last four SSN + DOB, TAX ID) (2) Driver's license number or California Identification Card number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit required security code, access code, or password that would permit access to an individual's financial account (ACH). access to an individual's financial account (ACH). Breach of the security of the system..Reasonably believed to have been: unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency.

5 California Civil Code …continued The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law Enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of The data system…

6 Secure IT 2005 – Panel Discussion Resident of California: Unencrypted: Most expedient time possible and without unreasonable delay: Needs of law Enforcement : will impede a criminal investigation….the law enforcement agency determines that it will not compromise the investigation Any measures necessary to determine the scope of the breach: Restore the reasonable integrity:

7 Secure IT 2005 – Panel Discussion SDSU Overview Felecia Vlahos, ISO Felecia Vlahos, ISO Feb 24/March Feb 24/March Financial aid file server+19 others Financial aid file server+19 others Unpatched faculty system/Internal password attack Unpatched faculty system/Internal password attack Sending spam and downloading music Sending spam and downloading music FAFSA applicants up to 10 years prior FAFSA applicants up to 10 years prior SSN/DOB SSN/DOB Managed by IT Security Office Managed by IT Security Office 206,876 notified 206,876 notified $187,254 $187,254

8 Secure IT 2005 – Panel Discussion UCSD Overview Sally Brainerd, Associate Controller Sally Brainerd, Associate Controller April 16 – 18, 2004 April 16 – 18, 2004 EFT (Financial Aid), 2 Scan Stations & a Check Process Station EFT (Financial Aid), 2 Scan Stations & a Check Process Station Non- encrypted files, stranded images and stored cached check data Non- encrypted files, stranded images and stored cached check data FTP Servers installed FTP Servers installed Students, applicants, staff, faculty, parents Students, applicants, staff, faculty, parents SSN, DL, Bank (Checking account) SSN, DL, Bank (Checking account) Office of the Controller/BFS Systems Office of the Controller/BFS Systems Announced 380k, actual 364k, notified 322k Announced 380k, actual 364k, notified 322k $204,000 $204,000

9 Secure IT 2005 – Panel Discussion CSU Chico Overview Brooke Banks, ISO Brooke Banks, ISO Feb 16/March Feb 16/March Housing office server Housing office server Web/File/Print server with unencrypted historical records Web/File/Print server with unencrypted historical records Root kit and FTP server installed, scans of other servers Root kit and FTP server installed, scans of other servers ID card file - faculty, staff and students (Name, SSN) ID card file - faculty, staff and students (Name, SSN) Housing database – prospective students, as well as residents for last 5 years (Name, SSN, contact information) Housing database – prospective students, as well as residents for last 5 years (Name, SSN, contact information) Managed by IT Security Office Managed by IT Security Office 59,268 notified via and/or postal mail 59,268 notified via and/or postal mail Cost TBD Cost TBD

10 Secure IT 2005 – Panel Discussion FAQ 1. What security measures were in place to prevent incident? What changed afterward?

11 Secure IT 2005 – Panel Discussion FAQ 2. Was law enforcement contacted? Able to identify hacker?

12 Secure IT 2005 – Panel Discussion FAQ 3. Discuss interpretation of CCC most expedient and process used to produce notifications (letters/web/ s)

13 Secure IT 2005 – Panel Discussion FAQ 4. Reaction from University staff/faculty/students?

14 Secure IT 2005 – Panel Discussion FAQ 5. What volume and types of calls/ s/letters/media received after notification?

15 Secure IT 2005 – Panel Discussion FAQ 6. What types and values of cost were incurred?

16 Secure IT 2005 – Panel Discussion Questions from Attendees


Download ppt "Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico."

Similar presentations


Ads by Google