Presentation is loading. Please wait.

Presentation is loading. Please wait.

PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014.

Published byChristina Anthony Modified over 9 years ago

Similar presentations

Presentation on theme: "PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014."— Presentation transcript:

1 PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014

2 Annual PII update with Chancellor Perlman and SAT For the past 3 years the Office of Internal Audit and Information Technology Services have updated the Chancellor and SAT on the status of PII stored/used at UNL Share inventory of the total number of PII records –Focus placed on data stores with 10,000 or more unique records –Include trends from the past year Is total number going up or down? Document details about how data is being secured

3 What is PII? PII is described by state statute –SSN's –drivers license numbers –biometric information –credit card numbers –and financial account information when combined with a PIN and the records include a first and last name, or first initial and last name.

4 Identity Exposure Risk Areas Administrative Areas Faculty Areas Research Areas Employees with Longevity

5 Administrative Areas HR Responsibilities –PAF, Salary Supervisors Employee Evaluations

6 Faculty Areas Grade Books Student Papers Publications Conference Material

7 Research Servers administrated by Researchers –Accounts and authentication protocols –Remote Access and VPN Graduate Student shared computers –Personal information requirements

8 Employees with Longevity Prior to 2005 Forgotten data –Moved data during hardware upgrades without cleansing Previous Responsibilities

9 IT Role Educate Data Owner –Data Security Classification Public Data Non-Public Data Confidential Data (Identity Finder http://its.unl.edu/ea/unl-data-security-guidelines-definitions Consult with Data Security (Rick) –All PII must be Registered VPN Adherence

10

11 Identifying the Risk Identity Finder –A tool to scan desktops, laptops and servers searching for records with PII in them –The tool is available from Dan Buser in ITS Security –Department tech staff can have access to the admin console to manage scan results from their computers.

12 Identifying the Risk Symantec Data Loss Prevention (Vontu) –Scanning appliances at the edge of UNL network looking for PII entering or leaving the campus –Data is flagged if is believed to contain PII, sender is contacted if it is indeed PII.

13 Mitigating the Risks Deploy Identity Finder on all desktops, laptops and servers –It is hard to protect/manage what we don’t know we have Ability to deploy Identity Finder with our new client management tools (Casper and SCCM) Performing regular scans on all desktops, laptops and servers will lower our risk of exposure Keep all operating systems patched, and applications up-to-date Disable all ports and services that are not needed Enable logging Regularly check logs

14 Role We Can Play Educate data owner on Data Classification (maybe include 3 levels) Keep ITS Security in the loop All PII being used or stored needs to be registered at http://its.unl.edu/ssn

15 ©2007 The Board of Regents of the University of Nebraska. All rights reserved. Questions?

Download ppt "PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014."

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Security Update Server Registration, Active scanning and Windows patching.

Security Update Server Registration, Active scanning and Windows patching.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
IT Asset Management Status Update 02/15/2010. 2 Agenda What is Asset Management and What It Is Not Scope of Asset Management Status of Key Efforts Associated.

IT Asset Management Status Update 02/15/ Agenda What is Asset Management and What It Is Not Scope of Asset Management Status of Key Efforts Associated.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Property Theft FY 2014 July - May Reported Thefts Unfounded Actual UGA as Victim Total Loss 384 82 302 71 $321,058.

Property Theft FY 2014 July - May Reported Thefts Unfounded Actual UGA as Victim Total Loss $321,058.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?

C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?
Secure | Resolutions Over 1 million computers are currently protected by Secure Resolutions’ technology.

Secure | Resolutions Over 1 million computers are currently protected by Secure Resolutions’ technology.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
New Staff Orientation Kay Carlisi Instructional Computing Coordinator.

New Staff Orientation Kay Carlisi Instructional Computing Coordinator.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
The Way Ahead for Information Systems Security: What You Don’t Know Can Hurt You Christopher Baum Research Vice President Global Government NYSCIO Conference.

The Way Ahead for Information Systems Security: What You Don’t Know Can Hurt You Christopher Baum Research Vice President Global Government NYSCIO Conference.
Trend Micro Round Table May 19, 2006. Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.

Trend Micro Round Table May 19, Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.
Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.

Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Penn State University College Of Education Understanding College of Education Resources.

Penn State University College Of Education Understanding College of Education Resources.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Similar presentations

Ads by Google