Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security Information Security & Appropriate Use of Information Resources.

Published byTracy Alders Modified over 9 years ago

Similar presentations

Presentation on theme: "IT Security Information Security & Appropriate Use of Information Resources."— Presentation transcript:

1 IT Security Information Security & Appropriate Use of Information Resources

2 Information Security Understanding… Who’s responsible? What’s information security? Why do we need information security? What do I need to protect? How do I protect information? What’s appropriate use? What are the important policies and laws? Where do I find out more?

3 Information Security Who’s Responsible? Students? Faculty? Staff? Security administrators? The Answer = All of the above, security is everyone’s responsibility!

4 Information Security What’s Information Security? The protection of data against unauthorized access. This includes: –How we access, process, transmit, and store information –How we protect devices used to access information –How we secure paper records, telephone conversations, and other types of digital media

5 Information Security Why Do We Need Information Security? Confidential information is entrusted to us Laws and regulations govern the use of some of this confidential information We have an ethical obligation to protect this information from unauthorized access Failure to do so could leave others vulnerable to fraud and other exploits

6 Information Security What’s Confidential and What’s Not ? FACT 1 Texas State is a public institution FACT 2 Texas State is subject to the Texas Public Information Act FACT 3 Even though Texas State is subject to TPIA, this does not mean that all information at Texas State is freely provided to the public IMPORTANT NOTE: If you receive a request for information from any external party, and you aren’t certain that the information can be released, refer them to the Office of the University Attorney for further action.

7 Information and Records What Do I Need to Protect ? You may freely disclose information already available to the general public, such as information on the University’s public web pages Public information Be careful with information that may be disclosed under certain conditions, such as: telephone lists, technical and proprietary documentation, salaries, performance appraisals Sensitive University information Do not disclose information that is protected by laws, including: Social Security Numbers, credit card information, grades, transcripts, medical records Confidential information

8 Information Security How Do I Protect Information? Share confidential information only with other employees who have a need for the information When in doubt, don't give it out! If you are unsure whether or not to disclose certain information, err on the side of caution and don't release it Keep confidential phone conversations and dictation from being overheard Quickly retrieve or secure any document containing protected information that you have printed, scanned, copied, faxed, etc.

9 Information Security How Do I Protect Information? Delete and write over (i.e., "wipe") data from any electronic media before transferring or disposing of it. Ask your IT support person for assistance Position computer screens so they're not visible to anyone but the authorized user(s)

10 Information Security How Do I Protect Information? Shred paper documents and/or CDs containing confidential information before disposal, and secure such items until shredding Store documents or physical media containing confidential information in locking file-cabinets or drawers Be alert to fraudulent attempts to obtain confidential information and report these to management for referral to appropriate authorities

11 Information Security How Do I Protect Information? Log out or lock your workstation when you walk away from your work area Use strong passwords; don’t share them –At least 8 or more characters long –Mix alpha, numeric, & special characters; upper & lower case –Don’t include dictionary words or proper names –Don’t re-use all or a major portion of a prior password

12 Information Security How Do I Protect Information? Use anti-virus software and leave auto-update enabled or update your virus definitions regularly

13 Appropriate Use of Information Resources Any University device, tool, function, or process capable of receiving, storing, managing, or transmitting electronic data as well as the data itself Examples include: personal and laptop computers, servers, personal digital assistant (PDA), networks, laboratory equipment, telephones, copiers, faxes, software, and all University data Question: Is the thumb drive I received from my co-worker a University resource? Answer: Yes - if it was purchased with University funds. NOTE: If University data is on the drive, that data is a resource, regardless of the source of funds used to purchase the drive What is an information resource?

14 Appropriate Use of Information Resources – Policy Examples: unauthorized access, intentional corruption or misuse of resources, theft, child pornography, and sending harassing or threatening email to others All illegal activities will be reported to the authorities Never do anything illegal, threatening or deliberately destructive Protect against unauthorized use or access to any information resource Example: Keep confidential files secure Authorized use only Never use resources for personal financial gain or commercial purposes Examples: creating a website to accept payments, gambling, advertising or marketing personal property Personal financial gain

15 Appropriate Use of Information Resources – Policy This applies to all university resources, whether on or off campus. Do not use resources in a way that will violate any other University policy such as racial, ethnic, religious, or sexual harassment Use resources appropriately Don’t falsify your identity or send an email using someone else’s NetID. Never share your password with anyone else, including your coworker or members of your family Protect your identity Don’t duplicate or distribute copyrighted materials without explicit owner permission Examples: sharing copyrighted music or video files on the Internet, copying software or other digital media protected by copyright Be aware of copyright infringement

16 Appropriate Use of Information Resources – Policy You may not use resources to affect the result of any election or for other political purposes Political purposes Transmitting spam mail, chain letters or personal advertisements or solicitations is against policy Email Don’t attempt to break into computers, websites, or any information resources, regardless of where they are located (e.g. on or off campus, the Internet) Never try to circumvent security procedures

17 Appropriate Use of Information Resources – Copyright Protection The University respects copyright protections Licensed software may be copied only as permitted by the license, and license agreements vary in their terms of use Employees may not use unauthorized copies Any such use is without the consent of Texas State

18 Appropriate Use of Information Resources - Privacy Don ’ t think of your e-mail as private Email can be viewed by authorized staff such as System Administrators Files may be subject to open records requests Employee privacy may be limited by: –Evidence of fraud –Harassment –Other illegal conduct or rule violations

19 Appropriate Use of Information Resources – FAQs No, you may not use email to transmit spam, forward chain letters, personal advertisements, solicitations or promotions Can I use University email to advertise my new home business? Yes, you may take resources home if approved by your department head but don’t store confidential information on the laptop unless it is encrypted Can I take my laptop home for University use? No, you may not use resources to affect the results of any local, state, or national election or for any political purpose I am working on the 2008 presidential election, can I use my printer to create flyers for my candidate? Probably not. You may download from reputable sources like Itunes or Ruckus, but not from p2p file sharing networks like Ares. You may never distribute copies to friends without permission from the copyright owner Is it OK to download my favorite song to give to my friends? Check the University policy on harassment and if you believe that you are being harassed, contact the Office of Equity and Access I feel as though I am being harassed through email, what should I do?

20 Information Security What Are the Rules and Laws? FERPA – Federal Educational Rights & Privacy Act –is a federal law that protects the privacy of student educational records, and prohibits the University from disclosing information from those records without the written consent of the student –http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.htmlhttp://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html HIPAA – Health Insurance Portability & Accountability Act –is a federal law that: –Protects the privacy and security of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) –Gives patients more control over their health records –Sets limits on the accessibility and disclosure of patient health information –http://www.cms.hhs.gov/HIPAAGenInfo/http://www.cms.hhs.gov/HIPAAGenInfo/

21 Information Security What Are the Rules and Laws? Gramm-Leach-Bliley Act (GLBA) –includes provisions to protect the security and confidentiality of a consumers' personal financial information held by financial institutions - in any form or medium –Universities/agencies must not disclose any non-public, financial information to anyone except as permitted by law –http://www.ftc.gov/privacy/privacyinitiatives/glbact.htmlhttp://www.ftc.gov/privacy/privacyinitiatives/glbact.html TPIA – Texas Public Information Act –formerly known as the Open Records Act, specifies that all recorded information owned or accessed by a governmental body is presumed to be public information, with certain exceptions –http://www.oag.state.tx.us/AG_Publications/txts/2004publicinfohb_toc.shtmlhttp://www.oag.state.tx.us/AG_Publications/txts/2004publicinfohb_toc.shtml

22 Information Security What Are the University Policies? Texas State University Policies –Appropriate Use of Information Resources (UPPS 04.01.07) http://www.txstate.edu/effective/upps/upps-04-01-07.html –Security of Texas State Information Resources (UPPS 04.01.01) http://www.txstate.edu/effective/upps/upps-04-01-01.html –Appropriate Release of Information (UPPS 01.04.00) http://www.txstate.edu/effective/upps/upps-01-04-00.html –Texas State policy requires that information resources be used only in support of University missions

23 Information Security How Do I Find Out More? Texas State Sites –IT Security - http://www.vpit.txstate.edu/security http://www.vpit.txstate.edu/security –Privacy Rights Notice - http://www.tr.txstate.edu/privacy- notice.html http://www.tr.txstate.edu/privacy- notice.html –Identity theft - http://webapps.tr.txstate.edu/security/identity.html http://webapps.tr.txstate.edu/security/identity.html –FERPA at Texas State - http://www.registrar.txstate.edu/persistent- links/ferpa.htmlhttp://www.registrar.txstate.edu/persistent- links/ferpa.html Contacts –Information Technology Security 512-245-HACK(4225), itsecurity@txstate.edu –Information Technology Assistance Center 512-245-ITAC(4822), itac@txstate.edu

Download ppt "IT Security Information Security & Appropriate Use of Information Resources."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Northside I.S.D. Acceptable Use Policy 2009-2010.

Northside I.S.D. Acceptable Use Policy
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
Maintaining Security While Using Computers What all of Our Computer Users Need to Know.

Maintaining Security While Using Computers What all of Our Computer Users Need to Know.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA Health Insurance Portability & Accountability Act.

HIPAA Health Insurance Portability & Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Similar presentations

Ads by Google