J. Rick Mihalevich Dean of Information Technology Linn State Technical College 573.897.5129 June 18, 2009.

Presentation transcript:

J. Rick Mihalevich Dean of Information Technology Linn State Technical College June 18, 2009

• Provide awareness of the need
• Provide awareness of the major laws that impact public entities
• Provide information on best practices, technology, and trends
• Provide resources for further information

Security Concerns and Public Entities
• Open
• Accessible
• Transparent
• Accountable

Linn State Technical College Security Infrastructure
• LSTC currently utilizes XXXXXX to provide data XXXXXX processes which impacts approximately XXXXXX blocked attacks daily.
• XXXXXXX manages a XXXX XXXX router at the gateway
• LSTC utilizes XXXXXX Firewall
• The DMZ is attached to a XXXXXXX appliance.
• All packets are inspected by XXXXXX and XXXX security software is used to protect against XXXXXX attacks.

Examples of Compromised Data
• million veterans was compromised when a laptop was stolen
• 2007 Inspector General for Tax Administration found 490 laptops containing sensitive taxpayer data had been lost or stolen
• 2006 Employee information at the Department of Agriculture was compromised by unauthorized access

• FERPA: Family Educational Rights and Privacy Act
• HIPAA: Health Insurance Portability and Accountability Act
• GLB: Gramm-Leach-Bliley Act
• The Privacy Act
• E-Government Act
• FISMA: The Federal Information Security Management Act

• Conclusion #1: LSTC Infrastructure
  ◦ Security by Obscurity
• Conclusion #2: Examples of Compromised Data
  ◦ Employees may pose the greatest risk
• Conclusion #3: Public Laws
  ◦ Balance between openness and security
• Public Trust
• Restricting access in the name of security is no vice

• Pass Phrase
• Thumb drive encryption
• Encryption of laptops
• Virtual Private Networks (VPNs)
• Touchpad security
• Effective patch management

• Security officer
• Security by Obscurity
• Not using SSN
• Training and awareness
• Change passwords frequently (Strong)
• Don’t click on links

• Department of Homeland Security
• National Governors Association Center for Best Practices
• National Association of Chief Information Officers
• Governmental Accountability Office

• Principles of openness, accuracy, transparency and accountability
• How would you like your personal information handled
• fairly and lawfully process it
• process it only for limited, specifically stated purposes
• use the information in a way that is adequate, relevant and not excessive
• use the information accurately
• keep the information on file no longer than absolutely necessary
• process the information in accordance with your legal rights
• keep the information secure
• never transfer the information outside

• ethnic background
• political opinions
• religious beliefs
• health
• sexual life
• criminal history