Securing Information in the Higher Education Office.


Information Security Office
MISSION:
– Build Security Awareness
– Maintain and Develop Information Security Policy
– Investigate Information Security Incidents
Protecting Our Constituent Information is a Team Effort

Information Security for Your Office
Alphabet Soup
– Laws, Rules, Regulations, Policies, Standards
Best Practices
– Data Classification And How to Classify Data
– Protecting Information

Information We Keep
Students, Faculty, Staff, Donors, Contractors
– Financial Records
– Grades
– Credit Card Information
– Health Care Information
– Addresses
– Phone Numbers
– Insurance Records
– Social Security Numbers
All Protected By Law!

Alphabet Soup
So Many Laws...
– FERPA
– HIPAA
– PCI-DSS
– GLB
– SOX
– “Red Flag” Alerts
– California SB 1386

Alphabet Soup... And Institutional Policy!

Alphabet Soup
P.I.I. – Personally Identifiable Information
The One Acronym That Says it All!

Best Practices
Know the Data Your Office Handles
– Data Classification
Know How to Safeguard the Data
– Protecting Information

Best Practices
Know what to protect
– Data Classification
  Method to identify the level of protection various kinds of information need or require

Data Classification Example
Data Classification—Level One
– Private information that must be protected as required by law, industry regulation, or by contract
  Examples?
– Consequences of loss
  Loss of funding
  Fines
  Bad Publicity
  Expose students, staff, contractors, donors to identity theft

Data Classification Example
Data Classification—Level Two
– Protected information that may be available through Freedom of Information Act Requests to Examine or Copy Records, or through state sunshine laws
  Examples?
– Consequences of loss
  Loss of funding
  Fines
  Bad Publicity
  Expose students, staff, contractors, donors to identity theft

Data Classification Example
Data Classification—Level Three
– Public Information
  Examples?
– Consequences of loss
  Loss of personal use of a computer
  Loss of personal data with no impact to the university
  Bad Publicity

Best Practices
How Can Data be Lost?
– Laptop or other data storage system stolen from car, lab, or office.
– Research Assistant accesses system after leaving research project because passwords aren't changed.
– Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer.
– Unsecured application on a networked computer is hacked and data stolen.

Best Practices
Protecting Information
– Don’t let personnel issues become security issues
– Control access to buildings and work areas
– If you print it—go get it right away
– Lock up sensitive information—including laptops
– Store sensitive information on file servers
– Shred it if you can
Know Your School’s Information Handling Policies

Best Practices
Protecting Information
– Use strong passwords
– Change passwords often
– Use different passwords on different systems
– Never share your password
– Password protect your screensaver
Manually lock your screen whenever you leave your desk

Best Practices
Protecting Information
– Be sure your office computers’ operating systems and anti-virus software are up-to-date
– Remind staff to never open unsolicited email from an unknown source or click on unfamiliar web addresses
– Follow computer salvage procedures—for disks, too!

Best Practices
Know who to call!
– I think an office computer is infected, what do I do?
– I think I lost the USB drive I used to take some sensitive files home to work on, what do I do?