Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Similar presentations


Presentation on theme: "Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance."— Presentation transcript:

1 Information Security Awareness April 13, 2003

2 Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance Our responsibility to safeguard private info Our responsibility to safeguard private info Rapid growth in the number, frequency, and destructiveness of electronic attacks Rapid growth in the number, frequency, and destructiveness of electronic attacks Failure to take appropriate safeguards leaves college open to civil lawsuit Failure to take appropriate safeguards leaves college open to civil lawsuit

3 Actions Taken HIPAA task force HIPAA task force Appointment of Information Security Officer, Information Security Coordinator Appointment of Information Security Officer, Information Security Coordinator Task force to examine GLB compliance Task force to examine GLB compliance Survey of private information held by departments covered by GLB Survey of private information held by departments covered by GLB Draft Information Security Plan for GLB Draft Information Security Plan for GLB

4 Actions Taken (continued) Centrally managed virus protection Centrally managed virus protection Servers in a secured area Servers in a secured area Frequent systems backups, offsite tape storage Frequent systems backups, offsite tape storage Network traffic management tools regulate, diagnose incursions and policy violations Network traffic management tools regulate, diagnose incursions and policy violations Firewall, Virtual Private Network Firewall, Virtual Private Network SSN to Generated ID conversion plan SSN to Generated ID conversion plan

5 Next Steps Policy and Procedures review Policy and Procedures review Clarification of covered information Clarification of covered information Review account security Review account security Approve Information Security Plan (ISP) Approve Information Security Plan (ISP) Self-assessment using ISP Self-assessment using ISP Make security adjustments in policies, practices, ISP Make security adjustments in policies, practices, ISP Tighten electronic security to reduce liability Tighten electronic security to reduce liability

6 In The Meantime Be sensitive to what private individual information you hold Be sensitive to what private individual information you hold If you don’t need it to do your job, give it back to the information custodian If you don’t need it to do your job, give it back to the information custodian Use common sense to protect its privacy Use common sense to protect its privacy Follow written policies and procedures Follow written policies and procedures Report breaches to Mary Holland (ISO) or Kevin Connolly (ISC) Report breaches to Mary Holland (ISO) or Kevin Connolly (ISC)

7 Basic Systems Security Keep confidential paper records locked Keep confidential paper records locked Wipe data from old media before disposal Wipe data from old media before disposal Keep user IDs and passwords private Keep user IDs and passwords private Change passwords frequently Change passwords frequently Don’t share your account Don’t share your account Log off when you leave Log off when you leave Lock your office when you leave Lock your office when you leave Report suspected violations Report suspected violations

8 SSN/Generated ID Conversion Project IT conducted an assessment of effort required to IT conducted an assessment of effort required to convert systems from using SSN as ID to a generated ID convert systems from using SSN as ID to a generated ID remove use of SSN as a password remove use of SSN as a password Not a legal requirement but a method of risk reduction against electronic theft Not a legal requirement but a method of risk reduction against electronic theft

9 Generated ID Project Scope Banner plus 7 other systems use SSN as an ID (highest risk) Banner plus 7 other systems use SSN as an ID (highest risk) 3 systems use SSN for password (low risk) 3 systems use SSN for password (low risk) Immediate risk reduction: Web for Faculty implementation reduces exposure of SSN Immediate risk reduction: Web for Faculty implementation reduces exposure of SSN New network, , Blackboard passwords to be generated values fall ‘04 New network, , Blackboard passwords to be generated values fall ‘04

10 Project Timing 1-2 year project depending on resources available and intervening priorities 1-2 year project depending on resources available and intervening priorities Development and test takes most of time Development and test takes most of time Conversions to occur quickly at project end Conversions to occur quickly at project end VPs have approved project VPs have approved project Work commences after Web for Faculty and online credit card payment completes Work commences after Web for Faculty and online credit card payment completes

11 Questions?


Download ppt "Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance."

Similar presentations


Ads by Google