Data Breach: How to Get Your Campus on the Front Page of the Chronicle?


1 Data Breach: How to Get Your Campus on the Front Page of the Chronicle?

2 CCCU Tech Conference
May 30, 2006 – June 2, 2006
Cedarville University
David W. Tindall
Assistant Vice President for Technology Services
Seattle Pacific University

3 Agenda:
Part I - Tabletop exercise in reviewing and assessing issues about data breaches.
Part II - Identify next steps and understand the legal and practical implications.
Part III - Summary of recommendations.

4 Part I
“you was hacked…”

5 Part II
Did we have a data breach? How do we know?
Have we stopped the exposure?
Can we assess the level of data loss?
What’s the appropriate level of university involvement (VPs, President, legal counsel, Board members)?
Should we call the police/FBI?
What is required to preserve evidence?
What are the legal implications?
What should be done to restore the web server?
How should we deal with the press and/or news media?
Do you have an emergency response plan?
What level of notification is required?
What do you tell others at the campus?

6 Part III - A
Sensitive Personal Information (SPI) as defined by federal and local laws
Names, addresses or phone numbers – combined with any of the following
  – SSN or taxpayer ID#
  – Credit Card #
  – Driver’s License #
  – Date of birth
  – Financial/salary data
Medical or health information protected under HIPAA
Student information protected under FERPA
Information under Gramm-Leach-Bliley and Sarbanes-Oxley
Access codes, usernames or passwords that would permit access to systems or resources with SPI
Other legal records

7 Part III - B
Centralized Server, Centralized data
Distributed Servers, decentralized data
Awareness, discussion and training
  – Computer use policies
  – FERPA training before access is granted
  – Audit current systems and applications
Scrub/data mine systems, central storage, etc…
Look at email messages
Faculty grade books
Budget planning documents/worksheets
Assess areas of risk
  – Hacking, exploits, unpatched systems
  – Worms, spam, phishing, spyware/malware
  – Theft of equipment
  – Insufficient controls and access policies for SPI
  – Failure on the part of 3rd parties
  – Disgruntled employee or student
  – Inadequate or poor design and implementation of software and systems
  – Follow the data!!
  – Greater control of desktop and laptop systems (encryption, etc…)

8 Part III - C
Recommendations from CCISC
Electronic storage and disposal
  – Don’t store SPI data on a PDA, laptop, desktop, floppy, USB
  – Don’t extract SPI data from the ERP
  – Don’t transmit without encryption
  – Discard data and media quickly and in a safe manner
Day-to-day use
  – Don’t print it out unless required
  – Don’t take SPI data home
  – Shred paper when no longer needed
Security
  – Lock computer when not in use
  – Don’t share username or passwords
  – Lock offices and file cabinet
  – Eliminate forms that ask for SPI whenever possible
  – Don’t print SPI on mailing labels, ID cards or other distributions

9 Questions or comments
Thank You!!

