PERSONAL INFORMATION SWEEP Juliana Luna-Freire, Graduate Assistant David Reamer, Graduate Assistant Justin LeBreck, Applications Systems Analyst.

2 PERSONAL INFORMATION SWEEP Juliana Luna-Freire, Graduate Assistant David Reamer, Graduate Assistant Justin LeBreck, Applications Systems Analyst

3 How Much Data Do You Have?
- 1 Computer/Laptop
- 2 Flashdrives
- 300 Emails
If reviewing each email took one minute it would require 5 hours to review all of them.

4 What is Personal Information?
First name or initial and last name accompanied by:
- SSN
- Arizona driver’s license number
- Student Grades or Disciplinary Information
- Human Subjects Data
- Financial account or credit/debit card number

5 Legislative & Regulatory Responses
- Record retention and disposal law
- Security breach notification law
- Payment Card Industry Data Security Standard

6 Security Breach Notification
A.R.S. Section 44-7501
The University must contact individuals residing in Arizona if their unencrypted or unredacted personal information included in a computer database is accessed and acquired by an unauthorized person.

7 Educational Security Breaches
- Total Number of Incidents: 139 (67.5% increase over 2006)
- Total Number of Institutions Affected: 112 (72.3% increase over 2006)
Source: The Educational Security Incidents Year in Review – 2007 by Adam Dodge, posted on 2/10/08
- $90-305 total cost per lost record
- $50 average cost per lost record for discovery, response and notification
Source: Khalid Kark, “Calculating the Cost of a Security Breach,” Forrester Research, 4/10/07

8 Ripped From the Headlines
Texas A&M Math Department Chair loses flash drives with 8,000 student SSNs
8,000 x $50 = $400,000

9 Information Security Responsibilities
Users of UA data, computers and networks:
- compliance with laws
- compliance with Board of Regents’ policy
- compliance with University policy
Vice Presidents, Deans, Directors, Department Heads and Heads of Centers:
- ultimate responsibility for UA data, computers and networks
- implementation of the Information Security Policy within their units

10 Personal Information Sweep
1. LOCATE personal information
2. DELETE unneeded files
3. SECURE personal information
4. INSTALL Cornell Spider
5. DELETE temporary files
6. RUN Cornell Spider
7. FIND the log file
8. DELETE or SECURE personal information
9. COMPLY with applicable standards
10. REGISTER your computer
11. CERTIFY completion
12. SUBMIT the Certification
http://security.arizona.edu/pi

11 Step 1: Locate Personal Information
Based on your current understanding, locate the personal information under your control.
Consider:
- all types of computers or storage devices
- where you store personal information

12 Step 2: Delete Unneeded Files
A file containing personal information is NOT necessary if:
- not needed for work purposes
- not a public record that must be retained

13 Step 3: Secure Personal Information
If you can’t delete it, secure the information:
- Transfer files to external media
- Truncate the number to last four digits
- Replace digits with filler X’s
- Encrypt personal information
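
The truncate-and-fill options from Step 3, as an added example that is not part of the original presentation and is not how Cornell Spider works internally. It masks SSN-like numbers in text down to their last four digits and skips number ranges the Social Security Administration never issues, which removes one common class of false positives; the function names and the sample text are constructed for illustration.

```python
import re

# Nine digits as 3-2-4, with one consistent separator (hyphen, space or none),
# not embedded in a longer run of digits or hyphens.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")


def plausible_ssn(area, group, serial):
    """Reject ranges that are never issued: area 000, 666, 9xx; group 00; serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def mask_ssns(text):
    """Replace the first five digits of each plausible SSN with X's.

    Returns (masked_text, number_of_values_masked).
    """
    count = 0

    def repl(match):
        nonlocal count
        area, sep, group, serial = match.groups()
        if not plausible_ssn(area, group, serial):
            return match.group(0)  # leave likely false positives untouched
        count += 1
        return f"XXX{sep}XX{sep}{serial}"

    return SSN_RE.sub(repl, text), count


# Constructed sample input (no real data).
SAMPLE = (
    "Roster: Jane Doe, SSN 123-45-6789, grade B+\n"
    "J. Smith 234567891 (no separators)\n"
    "Part number 000-12-3456 and ticket 912-34-5678 are not SSNs\n"
    "Phone 520-555-0100 and order 1234567890 stay untouched\n"
)

if __name__ == "__main__":
    masked, n = mask_ssns(SAMPLE)
    print(masked)
    print(f"{n} value(s) masked")
```

Masking only changes the copy you run it on; the original file still has to be deleted or secured as described in Steps 2 and 3.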

14 Steps 4, 5 & 6: Scan Computer
Install Spider and use it to scan your computing and storage devices.
http://security.arizona.edu/pistep6
http://www.microsoft.com/net

15 Cornell Spider Program
- Click Run Spider
- Click Start => Programs, Spider3 => spider_3.0.exe

16 Spider Log Viewer

17 Spider Log Viewer – False Positive

18 Steps 7 & 8: Handle Personal Information Identified by Spider
Find the log file
Handle files with personal information:
- Delete if unnecessary (Step 2)
- Secure remaining files (Step 3)

19 Step 9: Comply w/ Security Standards
Step 10: Register the Computer
If you keep personal information on your computer:
- Meet the Minimum Security for Networked Devices Standard for all computers
- Meet the Server Security Standard for all servers
- Register the computer
  - Locate MAC address: Windows Button + R => Type ‘cmd’ => Type ‘ipconfig /all’
  - Go to http://dhcp.arizona.edu to register MAC address.

20 Steps 11 & 12: Completing the Process
- Sign the Certification Form.
- Return the Certification to your department/unit head.

21 Implementation Schedule – Nov. 21st
[Timeline chart; month axis: AUG, SEP, OCT, NOV, DEC, JAN, JUL]
- Key Personnel Plan Implementation
- Key Personnel Attend/View Overview
- All Personnel Perform the Personal Information Sweep
ON TIME!

22 Contact Us
University Information Security Office
http://security.arizona.edu/pi
621-UISO (8476)
- Justin LeBreck - jlebreck@email.arizona.edu
- Juliana Luna-Freire - juliana@email.arizona.edu
- David Reamer - dreamer@email.arizona.edu
- Instructional Comp. - cohic@email.arizona.edu
- Business Comp. - cohhelp@email.arizona.edu

