Information Security for Your Office
Created by OIT Information Security Services
© 2012 Boise State University

Presentation transcript:

Slide 1: Information Security for Your Office
Created by OIT Information Security Services

Slide 2: Universities in the News!
- University of Idaho: 70,000 Donor Records
- University of Texas at Austin: 225,000 Student Records
- UCLA: 500,000 Student Records

Slide 3: University NOT in the News!
- Boise State University: Zero Lost Records So Far!
- Go Broncos!

Slide 4: Information We Keep
Students, Faculty, Staff, Donors, Contractors
- Financial Records
- Grades
- Credit Card Information
- Health Care Information
- Addresses
- Phone Numbers
- Insurance Records
- Social Security Numbers
All Protected By Law!

Slide 5: Alphabet Soup
So Many Laws...
- FERPA
- HIPAA
- PCI-DSS
- GLBA
- SOX
- Red Flag Alerts
- Idaho Code § §28-51-

Slide 6: Alphabet Soup
- Information Technology Resource Use (8000)
- Information Privacy and Security (8060)
- Cash Handling (6010)

Slide 7: Alphabet Soup
What is PII?
Personally Identifiable Information
The One Acronym That Says it All!

Slide 8: Best Practices
- Know the Data Your Office Handles
  - Data Classification
- Know How to Safeguard the Data
  - Protecting Information

Slide 9: Best Practices - Data Classification
Method to identify the level of protection various kinds of information need or require.
A rubric of three levels of sensitivity:
- Level One - Private
- Level Two - Protected
- Level Three - Public

Slide 10: Best Practices - Data Classification
Level One - Private
Information that must be protected as required by law, industry regulation, or by contract.
Examples: Student or employee records; social security numbers; A numbers; grades; employee performance reviews; personnel files; personally identifiable information.
Consequences of loss:
- Loss of funding
- Fines
- Bad Publicity
- Expose students, staff, contractors, donors to identity theft

Slide 11: Best Practices - Data Classification
Level Two - Protected
Information that may be available through Freedom of Information Act Requests to Examine or Copy Records, or Idaho's Open Records Law.
Examples: Internal s; meeting minutes; unit working & draft documents.
Consequences of loss:
- Loss of funding
- Fines
- Bad Publicity
- Expose students, staff, contractors, donors to identity theft

Slide 12: Best Practices - Data Classification
Level Three - Public
Public Information
Examples: Standard practice guides and policies; college plan; personal directory; maps; course catalog; public web page; press releases; advertisements; schedules of classes.
Consequences of loss:
- Loss of personal data with no impact to the university
- Bad Publicity

Slide 13: Best Practices - Data Classification
How To
CIA: The Big Three of Information Security
- Confidentiality: the need to strictly limit access to data to protect the university and individuals from loss
- Integrity: data must be accurate and users must be able to trust its accuracy
- Availability: data must be accessible to authorized persons, entities, or devices

Slide 14: Best Practices - Data Classification
How Can Data be Lost?
- Laptop or other data storage system stolen from car, lab, or office.
- Research Assistant accesses system after leaving research project because passwords aren't changed.
- Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer.
- Unsecured application on a networked computer is hacked and data stolen.

Slide 15: Best Practices - Data Classification
How To Protect Systems
Minimum Security Standard for Systems

Slide 16: Best Practices - Protecting Information
- Don't let personnel issues become security issues
- Control access to buildings and work areas
- If you print it, go get it right away
- Lock up sensitive information, including laptops
- Store sensitive information on file servers
- Shred it if you can
- Know Boise State Information Handling Policies

Slide 17: Best Practices - Protecting Information
- Use strong passwords
- Change passwords often
- Use different passwords on different systems
- Never share your password
- Password protect your screensaver
- Manually lock your screen whenever you leave your desk

Slide 18: Best Practices - Protecting Information
- Be sure your office computers' operating systems and anti-virus software are up-to-date
- Remind staff to never open unsolicited from an unknown source or click on unfamiliar web addresses
- Follow computer salvage procedures, for disks, too!

Slide 19: Example of Poor Practices
The next two slides show articles from a local newspaper regarding an insurance agency just "dropping off" boxes full of personal records at a local recycling center. These boxes were left after hours when the recycling center was closed. The article states that it could have been an identity thief's gold mine.

Slide 22: What to Do!
Know who to call!
- I think an office computer is infected, what do I do? Call the Help
- I think I lost the USB drive I used to take some sensitive files home to work on, what do I do? Call Information Security Services

Slide 23: Information Security for Your Office
Incident Response Procedure