Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2012 Boise State University1 Information Security for Your Office Created By OIT Information Security Services

Published byFrancesca Fussell Modified over 10 years ago

Similar presentations

Presentation on theme: "© 2012 Boise State University1 Information Security for Your Office Created By OIT Information Security Services"— Presentation transcript:

1 © 2012 Boise State University1 Information Security for Your Office Created By OIT Information Security Services http://oit.boisestate.edu/security/

2 © 2012 Boise State University2 Universities in the News! University of Idaho 70,000 Donor Records University of Texas at Austin 225,000 Student Records UCLA 500,000 Student Records

3 © 2012 Boise State University3 University NOT in the News! Boise State University Zero Lost Records So Far! Go Broncos!

4 © 2012 Boise State University4 Information We Keep Students, Faculty, Staff, Donors, Contractors Financial Records Grades Credit Card Information Health Care Information Addresses Phone Numbers Insurance Records Social Security Numbers All Protected By Law!

5 © 2012 Boise State University5 Alphabet Soup So Many Laws... FERPA HIPAA PCI-DSS GLBA SOX Red Flag Alerts Idaho Code §28-51-105 §28-51-

6 © 2012 Boise State University6 Alphabet Soup Information Technology Resource Use (8000) http://policy.boisestate.edu/wp-content/uploads/2011/05/8000_informationtechnologyresourceuse.pdf Information Privacy and Security (8060) http://policy.boisestate.edu/wp-content/uploads/2011/05/8060_InformationPrivacySecurity.pdf Cash Handling (6010) http://policy.boisestate.edu/wp-content/uploads/2011/05/6010_CashHandling.pdf

7 © 2012 Boise State University7 Alphabet Soup What is PII? Personally Identifiable Information The One Acronym That Says it All!

8 © 2012 Boise State University8 Best Practices Know the Data Your Office Handles Data Classification Know How to Safeguard the Data Protecting Information

9 © 2012 Boise State University9 Best Practices Data Classification Method to identify the level of protection various kinds of information need or require A rubric of three levels of sensitivity Level One - Private Level Two - Protected Level Three - Public http://oit.boisestate.edu/security/it-security-policy-and-procedures/dataclassification/

10 © 2012 Boise State University10 Best Practices Data ClassificationLevel One – Private information that must be protected as required by law, industry regulation, or by contract Examples - Student or employee records; social security numbers; A numbers; grades; employee performance reviews; personnel files; personally identifiable information; – Consequences of loss Loss of funding Fines Bad Publicity Expose students, staff, contractors, donors to identity theft

11 © 2012 Boise State University11 Best Practices Data ClassificationLevel Two Protected information that may be available through Freedom of Information Act Requests to Examine or Copy Records. Or, Idahos Open Records Law Examples - Internal e-mails; meeting minutes; unit working & draft documents. Consequences of loss Loss of funding Fines Bad Publicity Expose students, staff, contractors, donors to identity theft

12 © 2012 Boise State University12 Best Practices Data ClassificationLevel Three Public Information Examples - Standard practice guides and policies; college plan; personal directory; maps; course catalog, public web page, press releases, advertisements, schedules of classes. Consequences of loss Loss of personal data with no impact to the university Bad Publicity

13 © 2012 Boise State University13 Best Practices Data ClassificationHow To CIA: The Big Three of Information Security C onfidentiality the need to strictly limit access to data to protect the university and individuals from loss I ntegrity data must be accurate and users must be able to trust its accuracy A vailability data must be accessible to authorized persons, entities, or devices http://oit.boisestate.edu/security/it-security-policy-and-procedures/dataclassification/how2classdata/

14 © 2012 Boise State University14 Best Practices Data ClassificationHow Can Data be Lost? Laptop or other data storage system stolen from car, lab, or office. Research Assistant accesses system after leaving research project because passwords aren't changed. Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer. Unsecured application on a networked computer is hacked and data stolen.

15 © 2012 Boise State University15 Best Practices Data ClassificationHow To Protect Systems Minimum Security Standard for Systems Click for Next Slide!

16 © 2012 Boise State University16 Best Practices Protecting Information Dont let personnel issues become security issues Control access to buildings and work areas If you print itgo get it right away Lock up sensitive informationincluding laptops Store sensitive information on file servers Shred it if you can Know Boise State Information Handling Policies

17 © 2012 Boise State University17 Best Practices Protecting Information Use strong passwords Change passwords often Use different passwords on different systems Never share your password Password protect your screensaver Manually lock your screen whenever you leave your desk

18 © 2012 Boise State University18 Best Practices Protecting Information Be sure your office computers operating systems and anti-virus software are up-to-date Remind staff to never open unsolicited email from an unknown source or click on unfamiliar web addresses Follow computer salvage proceduresfor disks, too!

19 © 2012 Boise State University19 Example of Poor Practices The next two slides show articles from a local newspaper regarding an insurance agency just Dropping Off boxes full of personal records at a local recycling center. These boxes were left after hours when the recycling center was closed. The article states that it could have been an Identity Thief's gold mine

20 © 2012 Boise State University20 Click for Next Slide!

21 © 2012 Boise State University21 Click for Next Slide!

22 © 2012 Boise State University22 What to Do! Know who to call! I think an office computer is infected, what do I do? Call the Help Desk @ 6- 4357 I think I lost the USB drive I used to take some sensitive files home to work on, what do I do? Call Information Security Services -@ 6-5501

23 © 2012 Boise State University23 Information Security for Your Office Incident Response Procedure

Download ppt "© 2012 Boise State University1 Information Security for Your Office Created By OIT Information Security Services"

Similar presentations

Opole University1 Jerzy Jendrośka Implementing the CCS Directive in Poland: key findings from the transposition process Implementing the EU CO2 Storage.

Opole University1 Jerzy Jendrośka Implementing the CCS Directive in Poland: key findings from the transposition process Implementing the EU CO2 Storage.
© 2012 Boise State University1 Click for Next Slide! Information Security on the Front Lines Created By OIT Information Security Services

© 2012 Boise State University1 Click for Next Slide! Information Security on the Front Lines Created By OIT Information Security Services
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, 2014 1IT Security, East Carolina University.

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
© 2012 Boise State University1 Click for Next Slide! Information Security for Faculty and Researchers Created By OIT Information Security Services

© 2012 Boise State University1 Click for Next Slide! Information Security for Faculty and Researchers Created By OIT Information Security Services
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
Best PracticesUSCA Fall 2010: Baylor University3.

Best PracticesUSCA Fall 2010: Baylor University3.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
9th October 2003James Loken – Oxford University1 SCT X-ray Alignment Software A First Look.

9th October 2003James Loken – Oxford University1 SCT X-ray Alignment Software A First Look.
Rob Walker, May 2008Student Learning Unit Victoria University1 Essay Writing A workshop for ASW 3102: Critical Social Work Theories.

Rob Walker, May 2008Student Learning Unit Victoria University1 Essay Writing A workshop for ASW 3102: Critical Social Work Theories.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/2015 1.

Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/
Privacy, Security, Confidentiality, and Legal Issues

Privacy, Security, Confidentiality, and Legal Issues
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

Similar presentations

Ads by Google