Data Breach: How to Get Your Campus on the Front Page of the Chronicle?

Presentation transcript:

Data Breach: How to Get Your Campus on the Front Page of the Chronicle?

CCCU Tech Conference
May 30, 2006 – June 2, 2006, Cedarville University
David W. Tindall, Assistant Vice President for Technology Services, Seattle Pacific University

CCCU Tech Conference
Agenda:
Part I - Tabletop exercise in reviewing and assessing issues about data breaches.
Part II - Identify next steps and understand the legal and practical implications.
Part III - Summary of recommendations.

CCCU Tech Conference Part I “you was hacked…”

CCCU Tech Conference
Part II
Did we have a data breach? How do we know?
Have we stopped the exposure?
Can we assess the level of data loss?
What’s the appropriate level of university involvement (VP’s, President, legal counsel, Board members)?
Should we call the police/FBI?
What is required to preserve evidence?
What are the legal implications?
What should be done to restore the web server?
How should we deal with the press and/or news media?
Do you have an emergency response plan?
What level of notification is required?
What do you tell others at the campus?

CCCU Tech Conference
Part III - A
Sensitive Personal Information (SPI) as defined by federal and local laws:
Names, addresses or phone numbers – combined with any of the following:
–SSN or taxpayer ID#
–Credit Card #
–Driver’s License #
–Date of birth
–Financial/salary data
Medical or health information protected under HIPAA
Student information protected under FERPA
Information under Gramm-Leach-Bliley and Sarbanes-Oxley
Access codes, usernames or passwords that would permit access to systems or resources with SPI
Other legal records

CCCU Tech Conference
Part III - B
Centralized server, centralized data
Distributed servers, decentralized data
Awareness, discussion and training
–Computer use policies
–FERPA training before access is granted
–Audit current systems and applications
Scrub/data mine systems, central storage, etc…
–Look at messages
–Faculty grade books
–Budget planning documents/worksheets
Assess areas of risk
–Hacking, exploits, unpatched systems
–Worms, spam, phishing, spyware/malware
–Theft of equipment
–Insufficient controls and access policies for SPI
–Failure on the part of 3rd parties
–Disgruntled employee or student
–Inadequate or poor design and implementation of software and systems
–Follow the data!!
–Greater control of desktop and laptop systems (encryption, etc…)
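The "audit current systems" and "scrub/data mine systems" steps above amount to searching stored files for the SPI patterns listed in Part III - A. The following is an added example (not part of the presentation) of such a scan: it looks for SSN- and card-number-shaped values, discards SSNs the SSA never issues and card numbers that fail the Luhn check to cut false positives, and masks what it reports so the audit log is not itself SPI. The sample grade-book export is constructed; every value in it is made up.

```python
import re

# Constructed sample standing in for a faculty grade-book export found during
# an SPI audit. All identifiers are made up for this example.
SAMPLE = """\
Student,ID,Notes
J. Doe,123-45-6789,transferred from Cedar Hall
A. Roe,4111 1111 1111 1111,card on file for lab fee
B. Poe,000-12-3456,placeholder id in an unissued SSN area
C. Loe,1234 5678 9012 3456,card-shaped but fails the Luhn check
"""

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13 to 16 digits, optionally separated by spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def valid_ssn(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a, g, s = int(area), int(group), int(serial)
    return not (a == 0 or a == 666 or a >= 900 or g == 0 or s == 0)


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; rejects most typos/noise."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 9 // 2 + 0 and d * 2 > 9 else d * 2 if d * 2 <= 9 else d * 2 - 9
        total += d
    return total % 10 == 0


def mask(value):
    """Keep only the last four digits so the report itself is not SPI."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def find_spi(text):
    """Return (line number, kind, masked value) for each likely SPI hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            if valid_ssn(*m.groups()):
                findings.append((lineno, "ssn", mask(m.group())))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 16 and luhn_ok(digits):
                findings.append((lineno, "card", mask(digits)))
    return findings
```

Run over a real file share the same function reports only line numbers and masked tails, which is enough to find and remove the file without copying the SPI into the audit record.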

CCCU Tech Conference
Part III - C
Recommendations from CCISC
Electronic storage and disposal
–Don’t store SPI data on a PDA, laptop, desktop, floppy, USB
–Don’t extract SPI data from the ERP
–Don’t transmit without encryption
–Discard data and media quickly and in a safe manner
Day-to-day use
–Don’t print it out unless required
–Don’t take SPI data home
–Shred paper when no longer needed
Security
–Lock computer when not in use
–Don’t share username or passwords
–Lock offices and file cabinet
–Eliminate forms that ask for SPI whenever possible
–Don’t print SPI on mailing labels, ID cards or other distributions

CCCU Tech Conference
Questions or comments
Thank You!!