Data Security Project PROJECT WRAP-UP Timeline – July 2011 through December 2012 Project Charge – Compile resources and best practices for the proper handling.

Presentation transcript:

Data Security Project: PROJECT WRAP-UP
Timeline – July 2011 through December 2012
Project Charge – Compile resources and best practices for the proper handling of confidential and sensitive data and implement these throughout organizations here at Rice University, thus raising awareness of Rice University Policy 808 on the protection of personally identifiable information.
Process methodology – The project process primarily targeted departments that processed data defined as confidential and/or sensitive by University policy. Staff within the departments were surveyed and interviewed, and a report was compiled for each department which included Data Security Support Recommendations.

57 Departments / Schools
842 Surveys Collected
294 Individual Interviews Processed
318 Identity Finder User Licenses Active
268 PGP Encryption User Licenses Active
Processed Totals through December 2012

Lessons Learned
Email as unsafe transport for confidential/sensitive information
The most common issue found throughout the project's life was that a large percentage of respondents to the Data Security survey acknowledged using email to transport confidential and/or sensitive information. This issue was a focus for the project from the beginning. As we interviewed respondents, and upon reporting back to organizations, we made it clear that emailing confidential and/or sensitive information was not safe and that encryption or password protection should be utilized in the rare cases where emailing this kind of information is necessary. Working with the IT Security Office, the project recommended the purchase of Proofpoint, a system that helps prevent accidental data loss through email.

Lessons Learned
Utilizing lockable cabinets for storage of confidential and/or sensitive paperwork
This was a regular recommendation, as many respondents either did not have access to a lockable cabinet for storage of confidential paperwork, or the cabinet they were utilizing did not lock properly or had no lock at all. This recommendation was heavily publicized throughout our best practices media.

Lessons Learned
Mobile Phones/Devices utilized for Rice business and/or receiving Rice email should be PIN protected
With the proliferation of mobile devices, both personal and Rice owned, here on campus, it is most important to make certain that these devices are PIN protected. This will help to protect not only your personal data on your device but also that of Rice University, which you may receive via email.

Lessons Learned
Office configurations that are vulnerable to prying eyes and ears
Some departmental challenges lie in office configurations. Some high traffic areas are vulnerable when handling confidential and/or sensitive information. Recommendations include computer filter screens for monitors and reminding staff to be aware of paperwork that is being worked on so that it is not easily viewed by those entering the area.

Lessons Learned
Making shredders available
Having a shredder available for staff is very important so that no confidential/sensitive paperwork is thrown in the trash, thus becoming a risk for the University. Having a shredder in a central location and available for all staff was heavily recommended.

Stay Tuned for what’s coming!
Proofpoint Software
Sending confidential and sensitive information via email should be avoided. In some cases, institutional data loss occurs through email, either by sending emails to the wrong address (or addresses) or not knowing confidential information is in an email in the first place (like an Excel attachment). Proofpoint, a system that will sit between our outgoing servers and the Internet, will help protect against this. In addition, it will provide an option to encrypt emails for those that need to send information via email to outside organizations. More information about Proofpoint and how to use its encryption features is on its way.

Stay Tuned for what’s coming!
Data Security Awareness Training Modules
The Data Security Awareness Training Modules are currently being finalized and promise to be a huge step in the right direction in keeping best practices for information security fresh in everyone’s mind for years to come. The training modules were developed through close working relationships between the IT Security Office, the Data Security Project and the Jones Business School. These modules include “Email Security, Mobile Device Protection, Identity Protection and Data Security”. The modules take the user through short but thorough lessons on best practices and finally move the user to a short test at the end of every module. Fashioned with a methodology like that used for the Sexual Harassment training, this Information Security Awareness training is a strong component for the ongoing training of current and future Rice Faculty and Staff.

Media Campaigns
The Data Security Desk Assistant card is a postcard-sized, double-sided card which reminds the user of the importance of proper handling of confidential and sensitive data. Also, working with Carlyn Chatfield in the IT communications office, we have designed and put together a “Data Security Best Practices” brochure which provides a host of useful pointers and resources for all Rice Faculty and Staff. The production of the paper media will be limited, but it will also be duplicated on the web.

Questions?
Frank Rodriguez
Rice University Data Security Project
6100 Main Street MS 750
Houston, Texas
Tel – Fax – Visit the Data Security Website: