J. Rick Mihalevich Dean of Information Technology Linn State Technical College June 18, 2009
• Provide awareness of the need
• Provide awareness of the major laws that impact public entities
• Provide information on best practices, technology, and trends
• Provide resources for further information
Security Concerns and Public Entities
• Open
• Accessible
• Transparent
• Accountable
Linn State Technical College Security Infrastructure
• LSTC currently utilizes XXXXXX to provide data XXXXXX processes which impacts approximately XXXXXX blocked attacks daily.
• XXXXXXX manages a XXXX XXXX router at the gateway
• LSTC utilizes XXXXXX Firewall
• The DMZ is attached to a XXXXXXX appliance.
• All packets are inspected by XXXXXX and XXXX security software is used to protect against XXXXXX attacks.
Examples of Compromised Data
• million veterans was compromised when a laptop was stolen
• 2007 Inspector General for Tax Administration found 490 laptops containing sensitive taxpayer data had been lost or stolen
• 2006 Employee information at the Department of Agriculture was compromised by unauthorized access
• FERPA: Family Educational Rights and Privacy Act
• HIPAA: Health Insurance Portability and Accountability Act
• GLB: Gramm-Leach-Bliley Act
• The Privacy Act
• E-Government Act
• FISMA: The Federal Information Security Management Act
• Conclusion #1: LSTC Infrastructure
  ◦ Security by Obscurity
• Conclusion #2: Examples of Compromised Data
  ◦ Employees may pose the greatest risk
• Conclusion #3: Public Laws
  ◦ Balance between openness and security
• Public Trust
• Restricting access, in the name of security is no vise
• Pass Phrase
• Thumb drive encryption
• Encryption of laptops
• Virtual Private Networks (VPNs)
• Touchpad security
• Effective patch management
• Security officer
• Security by Obscurity
• Not using SSN
• Training and awareness
• Change passwords frequently (Strong)
• Don’t click on links
• Department of Homeland Security
• National Governors Association Center for Best Practices
• National Association of Chief Information Officers
• Governmental Accountability Office
Principles of openness, accuracy, transparency and accountability
How would you like your personal information handled?
• fairly and lawfully process it
• process it only for limited, specifically stated purposes
• use the information in a way that is adequate, relevant and not excessive
• use the information accurately
• keep the information on file no longer than absolutely necessary
• process the information in accordance with your legal rights
• keep the information secure
• never transfer the information outside
• ethnic background
• political opinions
• religious beliefs
• health
• sexual life
• criminal history