PKI Development Forum
Jim Lowe, Campus Information Security Officer
Brian Rust, Communications
April 17, 2008


Background
PKI introduced to campus
Part of a broader strategy
  –Password policy
  –Levels of Assurance (LOA)
How sure are we that you are who you say you are?

LOA Recommendations for Access to Personal Information (PI)
LOA-1: Doesn’t require access to PI
LOA-2: Access to your own PI
LOA-3: Access to others’ PI

PKI Use Cases: the early days - digital signatures
To encrypt e-mails
Digitally signing mass e-mails

Information as an Asset: What is restricted information?

Notice of unauthorized acquisition of personal information. […]

(b) “Personal information” means an individual’s last name and the individual’s first name or first initial, in combination with and linked to any of the following elements, if the element is not publicly available information and is not encrypted, redacted, or altered in a manner that renders the element unreadable:
1. The individual’s social security number.
2. The individual’s driver’s license number or state identification number.
3. The number of the individual’s financial account number, including a credit or debit card account number, or any security code, access code, or password that would permit access to the individual’s financial account.
4. The individual’s deoxyribonucleic acid profile, as defined in s (2d) (a).
5. The individual’s unique biometric data, including fingerprint, voice print, retina or iris image, or any other unique physical representation.
[…]

(2) NOTICE REQUIRED. (a) […] an entity that maintains or licenses personal information in this state knows that personal information in the entity’s possession has been acquired by a person whom the entity has not authorized to acquire the personal information, the entity shall make reasonable efforts to notify each subject of the personal information.

Restricted data is PII & PHI

Recent use cases
Registrar’s Privacy and Security Group
  –To reduce, and where possible eliminate, risk in the receiving, storing, dissemination, and disposal of sensitive data
  –To cultivate awareness of privacy and security in our individual units, our departments, the division, the campus, and anyone with whom we have contact
E-mails with restricted info

PKI Use Cases: the crystal ball
Link with new campus ID card
Secure VPN access
Desktop/laptop encryption

Getting started
Me first
Why should they care?
  –Have to
  –Want to
Free samples
Work from the top and the middle

Marketing strategies
Web: doit.wisc.edu, search: pki
Presentations and demos
Newsletter article …
Postcard …

Lessons learned
Involve management
Customer service
Process and procedures
Plan marketing before rollout

Usability
Slow to adopt
Requires training and awareness
Certs expire requiring technical support
Integrate with existing ID mgt.
Integration with applications
  –PeopleSoft
  –Card Space
  –Higgins
  –Other…

Our questions
How have you made PKI more usable in your environment (any tricks of the trade)?
Have you established training and docs that you would be willing to share with others?
What has been the driving factor in your PKI implementations?
What applications do you use with PKI?

Questions?