Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Information in the Higher Education Office.

Published byVivian Lloyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing Information in the Higher Education Office."— Presentation transcript:

1

2

3 Securing Information in the Higher Education Office

4

5 Information Security Office MISSION: –B–Build Security Awareness –M–Maintain and Develop Information Security Policy –I–Investigate Information Security Incidents Protecting Our Constituent Information is a Team Effort

6 Information Security for Your Office Alphabet Soup – Laws, Rules, Regulations, Policies, Standards Best Practices – Data Classification And How to Classify Data – Protecting Information

7 Information We Keep Students, Faculty, Staff, Donors, Contractors – Financial Records – Grades – Credit Card Information – Health Care Information – Addresses – Phone Numbers – Insurance Records – Social Security Numbers All Protected By Law!

8 Alphabet Soup So Many Laws... – FERPA – HIPAA – PCI-DSS – GLB – SOX – “Red Flag” Alerts – California SB 1386§28- 51-

9 Alphabet Soup... And Institutional Policy!

10 Alphabet Soup P. I. I. – Personally Identifiable Information The One Acronym That Says it All!

11 Best Practices Know the Data Your Office Handles – Data Classification Know How to Safeguard the Data – Protecting Information

12 Best Practices Know what to protect – Data Classification Method to identify the level of protection various kinds of information need or require

13 Data Classification Example Data Classification—Level One – Private information that must be protected as required by law, industry regulation, or by contract Examples? – Consequences of loss Loss of funding Fines Bad Publicity Expose students, staff, contractors, donors to identity theft

14 Data Classification Example Data Classification—Level Two – Protected information that may be available through Freedom of Information Act Requests to Examine or Copy Records. Or, state sunshine laws Examples? – Consequences of loss Loss of funding Fines Bad Publicity Expose students, staff, contractors, donors to identity theft

15 Data Classification Example Data Classification—Level Three – Public Information Examples? – Consequences of loss Loss of personal use of a computer Loss of personal data with no impact to the university Bad Publicity

16 Best Practices How Can Data be Lost? Laptop or other data storage system stolen from car, lab, or office. Research Assistant accesses system after leaving research project because passwords aren't changed. Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer. Unsecured application on a networked computer is hacked and data stolen.

17 Best Practices Protecting Information – Don’t let personnel issues become security issues – Control access to buildings and work areas – If you print it—go get it right away – Lock up sensitive information—including laptops – Store sensitive information on file servers – Shred it if you can Know Your School’s Information Handling Policies

18 Best Practices Protecting Information – Use strong passwords – Change passwords often – Use different passwords on different systems – Never share your password – Password protect your screensaver Manually lock your screen whenever you leave your desk

19 Best Practices Protecting Information – Be sure your office computers’ operating systems and anti-virus software are up-to-date – Remind staff to never open unsolicited email from an unknown source or click on unfamiliar web addresses – Follow computer salvage procedures—for disks, too!

20 Best Practices Know who to call! – I think an office computer is infected, what do I do? – I think I lost the USB drive I used to take some sensitive files home to work on, what do I do?

21

Download ppt "Securing Information in the Higher Education Office."

Similar presentations

© 2012 Boise State University1 Click for Next Slide! Information Security on the Front Lines Created By OIT Information Security Services

© 2012 Boise State University1 Click for Next Slide! Information Security on the Front Lines Created By OIT Information Security Services
© 2012 Boise State University1 Information Security for Your Office Created By OIT Information Security Services

© 2012 Boise State University1 Information Security for Your Office Created By OIT Information Security Services
Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, 2014 1IT Security, East Carolina University.

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
© 2012 Boise State University1 Click for Next Slide! Information Security for Faculty and Researchers Created By OIT Information Security Services

© 2012 Boise State University1 Click for Next Slide! Information Security for Faculty and Researchers Created By OIT Information Security Services
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.

National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.

Similar presentations

Ads by Google