
PII / IDENTITY THEFT Is Your University an Open Market for ID Thieves? TACUA 2011 Carol Rapps CIA, CISA, CCSA, GLIT 210-458-4679.




Slide 4
- Academic
- Research - Tier 1
- Health Care
- Public
- Private
- What do you know?

Slide 5
- A CHANCE TO SHARE
- VALUE
  - Take away one good concept/tool/story/laugh.
- GAME --- WHERE'S THE PII?
  - Honesty counts! Don't make me audit your score!
- TIMELINE - keep us on track - time keeper
  - 2:35 - stop to tally the score


Slide 7
- What is it?
- Who are the thieves?
- What do thieves do with it?
- How is an identity stolen?
- Who is at risk?

Slide 8
- What is it?
- Where is it?
- Who keeps it?
  - Game... You will need paper & pencil/pen
- When do they collect it?
- Why do they collect/keep it?
- How do they store it?

Slide 9 - Privacy law timeline
- 1968 UN
- 1973 Sweden
- 1974 Germany
- 1978 France
- 1980 OECD
- 1984 UK
- 1996 Canada
- 1998 ID Theft Act
- 2002 California
- 2009 Massachusetts
- 2010 Red Flag
- 2011 Dept Ed
- 2012 ??

Slide 10
- FERPA
- HIPAA
- HITECH ACT
- GLBA
- RED FLAG
- STATE SECURITY BREACH LAWS
  - National Conference of State Legislatures
- STATE DATA DISPOSAL LAWS
- STATE ENCRYPTION LAWS & IDENTITY THEFT STATUTES
- FEDERAL ID THEFT & ASSUMPTION DETERRENCE ACT OF 1998
- PCI-DSS
- SEVP (Student & Exchange Visitor Program)
- FISMA
- FUTURE ---

Slide 11
- Comply with Security/Privacy Laws & Regulations
- Protect PII / PRIVACY

"The rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information." - The American Institute of Certified Public Accountants (AICPA)/CICA, 2005

Slide 12 - OECD privacy principles
- Collection Limitation
- Data Quality
- Purpose Specification
- Use Limitation
- Security Safeguards
- Openness
- Individual Participation
- Accountability

"Privacy is the protection of personal data and is considered a fundamental human right" - OECD Guidelines, 1980

Slide 13
- Identify Applicable Rules, Laws, Regulations
- Conduct PII Discovery & Privacy Risk Assessments
  - Impact (# records)
  - Likelihood
- Audit Privacy Framework
- Perform Law/Regulation Specific Compliance Audits (e.g. PCI)
- Conduct General Security Audits
- Conduct Data Retention & Disposal Audits

Slide 14
- Train ALL Auditors
- Add Privacy Principle Audit Steps to ALL Audits
- PII Sampled in ALL Data Security Audit Steps
- Regulation Repository
- Document Location of PII Data & Controls (Repository)
- Protect Your Own Information
- Participate In Incident Reporting Process
- Integrate Audit Processes into Fraud Root Cause Analysis

Slide 15
- Security Breaches At Universities In Past 2 Years
  - Privacy Rights Clearinghouse
  - Jan 2009-Aug 2010: 122 Breaches for a total of 1,653,065 records
- Average Cost of Security Breaches
  - Accenture/Ponemon Institute Joint Project 2009
  - US: $204 Per Record
  - International: $232 Per Record
  - You Do The Math
- Unpublished Breaches
  - I'll Tell You Mine, You Tell Me Yours.

Slide 16
- ADD TO LIST (ANYTHING NEW)
- SCORING
  - Honesty counts! Don't make me audit your score!

