Data Security Audit October 13 th, 2010 Thompson School District.

Slides:

Advertisements

Similar presentations

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.

Advertisements

1 Creating a Data Backup Oakland University University Relations Updated - June 2006.

Privacy and Information Security Training ( ) VUMC Privacy Website

Springfield Technical Community College Security Awareness Training.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Protecting Personal Information Guidance for Business.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.

Consumer Issues Chapter 28.

1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.

Comergence 3/14/13. What Does Comergence Do? Comergence provides streamlined processing and centralized storage of Correspondent applications nationwide.

Critical Data Management Indiana University HR Summit April 24, 2014.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

HEAVEN’S HANDS COMMUNITY SERVICE H.I.P.A.A. What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act, which was passed.

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

What You Need to Know Customer Service 1 08/09/2012.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.

10 Essential Security Measures PA Turnpike Commission.

New Data Regulation Law 201 CMR TJX Video.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Protecting Sensitive Information PA Turnpike Commission.

Data Access and Data Sharing KDE Employee Training Data Security Video Series 2 of 3 October 2014.

Securing Information in the Higher Education Office.

Learning Objectives Discuss measures to address: –Physical Security –Technical Security –Administrative Security.

IT Security Awareness: Information Security is Everyone’s Business A Guide to Information Technology Security at Northern Virginia Community College.

Hacking Phishing Passwords Sourendu Gupta (TIFR).

ESCCO Data Security Training David Dixon September 2014.

Identity Theft  IDENTITY THEFT occurs when someone wrongfully acquires and uses a consumer’s personal identification, credit, or account information.

Privacy and Information Management ICT Guidelines.

Safeguarding Your Privacy Section 1.3. Safeguarding Your Privacy 1. What is Identity Theft? 2. Research a story on identity theft and be prepared to report.

Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Information Security.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

WE ARE DATA By Hazim Zaidani Do you really think that your personal data is protected ? Well… Think Again !!!

DATA PROTECTION & FREEDOM OF INFORMATION. What is the difference between Data Protection & Freedom of Information? The Data Protection Act allows you.

1 st Choice Document Destruction th Avenue, Milaca, Minnesota Office: Cell:

Data Breach: How to Get Your Campus on the Front Page of the Chronicle?

Changing Your Case Password And a few other words about IT Security.

Identity Theft How it happens and how to avoid it.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

Government Agency’s Name April  At the end of this course, the learner will be able to: ◦ Define personally identifiable information ◦ List examples.

Government Agency’s Name April Identity Theft is when someone steals your personal information and uses it as their own, usually for some financial.

Information Security. Your responsibilities as a Government of Canada employee.

Information Management and the Departing Employee.

Computer Security Sample security policy Dr Alexei Vernitski.

Common sense solutions to data privacy observed by each employee is the crucial first step toward data security Data Privacy/Data Security Contact IRT.

Staying Secure in an Insecure World NATE HOWE CHIEF INFORMATION SECURITY OFFICER Education – Partnership – Solutions.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

SECURE DATA TRANSFER Melvin Freeman The Next Step Public Charter School.

How to Make Yourself More Secure Using Public Computers and Free Public Wi-Fi.

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

Protecting PHI & PII 12/30/2017 6:45 AM

Protection of CONSUMER information

Chapter 3: IRS and FTC Data Security Rules

Things To Avoid: 1-Never your password to anyone.

Data Protection Scenarios

Protecting Personal Information Guidance for Business.

Protecting Your Identity

Security Hardening through Awareness August 2018

Protecting Your Credit Identity

Premier Employee Program Version 4.0

Handling Information Securely

Information Security in Your Office

Presentation transcript:

Data Security Audit October 13 th, 2010 Thompson School District

Data Security Audit Anne Gallagher - IT Auditor from Swanhorst & CO Interviewed AP/HR/Purchasing personnel Focus on making sure we do our due diligence to protect the data that we collect and manage that could be used in identity theft SSN/Bank Account/Date of Birth/Federal ID (TIN) (Think about what questions are posed to verify your identity over the phone)

Data Security Audit We are the appointed custodians of sensitive information and we must act appropriately Most thefts come from inside  Never give out your password and reset it often to prevent unauthorized access  Protect sensitive information in your work area  Don’t leave sensitive information on your computer when you step away

Data Security Audit Processes to be mindful of include:  Transferring sensitive data to flash drives  Transferring sensitive data to laptops  Transferring sensitive data to vendors/3 rd parties Avoid sending through US Mail or Avoid Faxes both incoming and outgoing unless the fax machine is in a secure location Use secure websites or file transfer programs  Use secure locations on network to store data, avoid storing files containing sensitive information on your local drive

Data Security Audit Reports/Hard-Copy Forms  Because we cannot eliminate the use of sensitive information, we must protect it on hard-copy forms.  Hard-copies should be locked up or placed in a secured area when not in use.  Consider physically masking sensitive information Sharpie cover-up Stickers

Data Security Audit Reports/Hard-Copy Forms  Destroy hard-copies as soon as no longer needed or retention dead-line passes  Hard-copies that need shredding should be locked up or placed in a secured area until collected.  Limit the number of people handling hard-copies  Review if sensitive information can be removed from reports/forms

Data Security Audit Changes to better protect our data?  Review your processes/forms  Obtain locked shred collection bin  Reconfigure workspaces to limit public access to hard-copy documents  Desktop shredders Your thoughts?