PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014.

Slides:

Advertisements

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

Advertisements

Security Update Server Registration, Active scanning and Windows patching.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

IT Asset Management Status Update 02/15/ Agenda What is Asset Management and What It Is Not Scope of Asset Management Status of Key Efforts Associated.

Red Flag Rules: What they are? & What you need to do

Property Theft FY 2014 July - May Reported Thefts Unfounded Actual UGA as Victim Total Loss $321,058.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?

Secure | Resolutions Over 1 million computers are currently protected by Secure Resolutions’ technology.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

New Staff Orientation Kay Carlisi Instructional Computing Coordinator.

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

The Way Ahead for Information Systems Security: What You Don’t Know Can Hurt You Christopher Baum Research Vice President Global Government NYSCIO Conference.

Trend Micro Round Table May 19, Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.

Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Penn State University College Of Education Understanding College of Education Resources.

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Client Management. Introduction In a typical organization there are a lot of client machines used for day to day operations Client management is a necessary.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.

Module 4: Add Client Computers and Devices to the Network.

What is the big idea behind the 12/3 Identity Finder scan? The system-wide scan on 12/3 is intended to permanently remove all PII and anything looking.

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

Hands-On Microsoft Windows Server 2008

FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Data Risk and Security Andrew Roderick Campus Technology Committee – January 21, 2015.

Ames Laboratory Privacy and Personally Identifiable Information (PII) Training Welcome to the Ames Laboratory’s training on Personally Identifiable Information.

Mobile Device Management Central Management of Wintel Laptop Software and Hardware in a Secure Environment.

Module 7: Fundamentals of Administering Windows Server 2008.

Protecting Personal Information at Fermilab. What You Will Learn F Why must we protect personal information? F What are the laboratory policies governing.

Protecting Personal Information at Fermilab. Outline F Why must we protect personal information? F What is Protected Personally Identifiable Information.

General Awareness Training Security Awareness Module 3 Take Action! Where To Go for Help.

Auditing Information Systems (AIS)

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

California State University, Northridge Certification Process Team B Carlos Guzman John Kramer Stacey LaMotte University of Phoenix.

Virginia Tech’s Effective Practices for Managing Sensitive Data Common Solutions Group January 11, 2008.

SPH Information Security Update September 10, 2010.

Cyber Security Awareness Month Using Your Laptop Safely On the Road Off-Campus Safe Computing Part 2.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

© Copyright 2010 Hemenway & Barnes LLP H&B

Chapter 2 Securing Network Server and User Workstations.

Data Breach: How to Get Your Campus on the Front Page of the Chronicle?

Information Security General Awareness Training Module 1 – Introduction For The UF HSC Workforce.

STANFORD UNIVERSITY RESEARCH COMPUTING Are we outliers? Institutional minimum security requirements RUTH MARINSHAW OCTOBER 14, 2015.

IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.

Prevent Data Breaches and PII from Walking Out the Door Jim Farrell, Senior Vice President Products Archive Systems 9/18/2015.

IDENTITY FINDER TRAINING. What is Identity Finder?  Identity Finder is a program that is installed on your desktop, laptop, or server to locate personally.

Windows Small Business Server 2003 R2 Powering Small Businesses.

(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,

What’s New in Fireware v WatchGuard Training.

BizSmart Lunch & Learn Webinar Information Security and Protecting your business With the increased risk of some sort of cyber- attack over the past few.

Kevin Watson and Ammar Ammar IT Asset Visibility.

IT Audit for non-IT auditors Cornell Dover Assistant Auditor General 31 March 2013.

Protecting Personal Information at Fermilab

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

COMPTIA CAS-003 Dumps VCE

Cybersecurity Strategy

County HIPAA Review All Rights Reserved 2002.

12 STEPS TO A GDPR AWARE NETWORK

IT Development Initiative: Status & Next Steps

PLANNING A SECURE BASELINE INSTALLATION

Cyber Security: What the Head & Board Need to Know

Designing IIS Security (IIS – Internet Information Service)

Presentation transcript:

PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014

Annual PII update with Chancellor Perlman and SAT For the past 3 years the Office of Internal Audit and Information Technology Services have updated the Chancellor and SAT on the status of PII stored/used at UNL Share inventory of the total number of PII records –Focus placed on data stores with 10,000 or more unique records –Include trends from the past year Is total number going up or down? Document details about how data is being secured

What is PII? PII is described by state statute –SSN's –drivers license numbers –biometric information –credit card numbers –and financial account information when combined with a PIN and the records include a first and last name, or first initial and last name.

Identity Exposure Risk Areas Administrative Areas Faculty Areas Research Areas Employees with Longevity

Administrative Areas HR Responsibilities –PAF, Salary Supervisors Employee Evaluations

Faculty Areas Grade Books Student Papers Publications Conference Material

Research Servers administrated by Researchers –Accounts and authentication protocols –Remote Access and VPN Graduate Student shared computers –Personal information requirements

Employees with Longevity Prior to 2005 Forgotten data –Moved data during hardware upgrades without cleansing Previous Responsibilities

IT Role Educate Data Owner –Data Security Classification Public Data Non-Public Data Confidential Data (Identity Finder Consult with Data Security (Rick) –All PII must be Registered VPN Adherence

Identifying the Risk Identity Finder –A tool to scan desktops, laptops and servers searching for records with PII in them –The tool is available from Dan Buser in ITS Security –Department tech staff can have access to the admin console to manage scan results from their computers.

Identifying the Risk Symantec Data Loss Prevention (Vontu) –Scanning appliances at the edge of UNL network looking for PII entering or leaving the campus –Data is flagged if is believed to contain PII, sender is contacted if it is indeed PII.

Mitigating the Risks Deploy Identity Finder on all desktops, laptops and servers –It is hard to protect/manage what we don’t know we have Ability to deploy Identity Finder with our new client management tools (Casper and SCCM) Performing regular scans on all desktops, laptops and servers will lower our risk of exposure Keep all operating systems patched, and applications up-to-date Disable all ports and services that are not needed Enable logging Regularly check logs

Role We Can Play Educate data owner on Data Classification (maybe include 3 levels) Keep ITS Security in the loop All PII being used or stored needs to be registered at

©2007 The Board of Regents of the University of Nebraska. All rights reserved. Questions?