Virginia Tech’s Effective Practices for Managing Sensitive Data Common Solutions Group January 11, 2008.

VT EP for Managing Sensitive Data

Our needs…
– Stay out of the Press.
– Stay out of the courts.
– Preserve the integrity of the data.
– Respect the privacy of our students and employees.

#1: Do what you can when you can do it.

Pre-2003
Education: On-demand
Compliance: HR Disciplinary Action
Building Blocks: Acceptable Use Policy, Data Classification
Tools: SSL

#2. Create a framework for doing it.

#3. Garner support from the Big Sticks.
– Board of Visitors
– University Legal Counsel
– Internal Audit
– Campus Police

#4. Don’t think you’re done.

2008
Education: Awareness sessions, Faculty Dev. Institute, Communication, SANS-EDU
Compliance: ITSO Security Reviews, Audit
Building Blocks: Authority Docs, VTCA, Policies (SSN), Standards (PII)
Tools: Find_SSN, Find_CCN, Encryption

Security Standards for Social Security Numbers

IT Standards
– SSN on display screens, reports
– Security protocol to access SSN on VT DB
– Electronic storage of SSN (encrypt it)
– Electronic transmission of SSN (encrypt it)
– Obtain permission to include SSN in ANY electronic system

Records management handles paper documents

Benefits

Lack of a complete solution has not prevented us from implementing partial solutions.

Everyone has a role.
– Members of the IT organization and the university have increased their involvement, interest and awareness in security through policy development, tool development and by participating in VT IT Security Task Force.

Challenges

Pulling all the pieces together to create a comprehensive plan for securing personally identifying information (PII).

Future Plans

Meet the challenge!

References
– Virginia Tech IT-Related University Policies
– Security Standards for Social Security Numbers ecurity%20standards_5July05.pdf
– Virginia Tech Certification Authority
– Virginia Tech Information Technology Security Office
– Virginia Tech IT Security Task Force
– Administrative Data Management and Access Policy