Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI.

Presentation transcript:

Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI

Overview
- Present a short case study, still in development, to illustrate the “power” of privacy concerns around biometrics
- Discuss key questions that may be raised in any campus deployment
- Lead into an in-depth review of the law

11/18/10, Wayne State University

The Situation
- A large urban campus, 100 buildings
- 200 custodial staff, unionized
- Central check-in inefficient, error-prone
- Desire distributed readers so staff can report directly to their work location
- Remote check-in easily spoofed with magnetic stripe card readers

Perfect Solution
- Biometric readers inside all buildings for check-in and check-out of custodial staff
- Biometric readers well-proven technologies, not easily spoofed
- Initial up-front cost, but reasonable maintenance costs

So, why are we installing CARD readers?
- Privacy became a key issue
- Concern about dealing with privacy led to many other questions:
  - Does the technology solve our problem?
  - Introduce other problems?
  - Worth the cost?
  - Maintenance questions?

Biometrics - Privacy Concerns
- How secure are the data?
- Hosted solution, added concerns?
- Who has access?
- What data are we gathering?
- If released, how might it be used?
- How long do we keep it?
- What will be done with it?

Security
- Storage is in highly secure environments
- SAS 70 security audit
- Access to data is strictly controlled by password and role
- All data are transmitted via VPN

What Data?
- Biometric identifier vs. tracking data
- Biometric identifier considered was hand geometry
- Physical images would not be stored
- Hand geometry technology is encrypted on both ends (storage and reader) and of no use if decrypted otherwise

How Will Data Be Used?
- Management reports only
- Reports using biometrics would be no different than if card readers or manual entry of attendance data were deployed

So why are we installing CARD readers?
- No guarantees (are there ever?)
- Technology sounds complex, obtuse
- Don’t trust what you don’t understand
- Don’t trust technology and administration
- Deployment plan with biometrics would close some loopholes, but not all
- Therefore, start with less intrusive process

In Our Case... More Work
- Card readers are accepted and address the first problem of efficiency – staff go directly to work assignments
- Biometrics would help eliminate spoofing and problems with lost cards
- Neither solves absence between check-in and check-out
- Building access is a related issue

In Your Case
- Problem analysis is critical.
- Biometrics are just tools.
- Processes are critical.
- Total plan must be solid, ROI analysis solid, need for biometrics solid, particular technology well chosen.
- Campus culture cannot be ignored.

Closing
- Choose least intrusive technology
- Make it simple to understand
- Transparency is required
- Consider broad participation in decision process to aid adoption
- Differentiate between what is required by law and what is required by your culture

Patrick J. Gossman, Ph.D.
Deputy Chief Information Officer
Wayne State University
Detroit, MI
(313)