Security Awareness Training: Data Owners


1 Security Awareness Training: Data Owners

2 Definition
VITA 501-01, p. 8, 2.2.8 Data Owner
The Data Owner is the agency manager responsible for the policy and practice decisions regarding data, and is responsible for the following:
1. Evaluate and classify sensitivity of the data.
2. Define protection requirements for the data based on the sensitivity of the data, any legal or regulatory requirements, and business needs.
3. Communicate data protection requirements to the System Owner.
4. Define requirements for access to the data.

3 Take Full Ownership
Primary focus is to assume responsibility: as the data owner, you are responsible for the data and you dictate how it is handled.

4 Communication
Communicate with the System Owner
- Regulations
- Policy
- Access Control
- Reviewing
- Risk Assessment, Business Continuity
- Disposal
Communicate with end-users

5 Regulations & Policies
What regulations, whether federal, state, local or organizational, apply to your data:
Federal:
- FERPA: Family Educational Rights and Privacy Act
- PCI DSS: Payment Card Industry Data Security Standard
- HIPAA: Health Insurance Portability and Accountability Act
State/Regional:
- DHRM: Department of Human Resource Management
- SACS: Southern Association of Colleges and Schools
- SCHEV: State Council of Higher Education for Virginia
- VITA ITRM Standard SEC501-01
- COV ITRM Standard SEC514-03 Removal of Commonwealth Data from Electronic Media Standard
NSU:
- Acceptable Use of Technological Resources

6 Access Controls
Define who has access and how:
- Inform System Owner and admins as to what they need in order to protect
- VITA SEC Section 5 (p.26)
- Least privilege
- AAA
- Removing AAA
- Changes in AAA
- Shared accounts
- Local Admin rights
- Etc.
- NSU Password Policy
- Who can get to the data, when, how, permissions applied to that data
- Remote Access allowed?
- How to protect data at rest (not used or moving)
- Archives
- Not accessed often
- Does the data need to be encrypted?
- How to protect data in motion (USB, Printing, memory)
- System interoperability/sharing

7 Review
Data protection is no good without regular review:
- VITA SEC Section 5 (p.26)
- “Do you know who has access and what kind of access?” (R, RW)
- “Who is checking those that can write?”
- “Protecting it?”
- How often
- Audit point
- Be prepared to be asked again
- The Access controls listed previously

8 Risk/Business Continuity
- Develop with the System Owner
- Classify data
- A sensitive system is one with any data where risk is assessed as High in any of the Confidentiality, Integrity, or Availability of the data.

9 Social Engineering
- Weakest link
- Phishing
- Never give out your password
- Lock your computer
- Dumpster Diving/Shredding

