Mandatory online training. intro why we are doing this why you should care what we hope you get out of this.

Presentation transcript:

mandatory online training

intro why we are doing this why you should care what we hope you get out of this

How does info sec affect me?
need to understand the info sec policy
need to follow safe data handling practices, including disposal
need to practice safe computing

What Information Security is definition examples

University Information Security policy
Summarize policy
–what covered
–who covered
–define principles

University Information
University Data - Data created or maintained by the University related to carrying out the University's mission. It is a University resource, owned by the University.
Exclusions – Research data, class notes, lesson plans, personal papers, materials covered in the University’s Intellectual Property Policy

defined roles in policy
CIO
data oversight
data steward
university community (faculty, staff, students)
info sec department
Univ archives
audit and advisory
procurement

Data Steward
An individual who is responsible for ensuring the confidentiality, integrity, and availability of University information. A Data Steward defines access to and restrictions on use of the information for which he or she is responsible.
A data steward also:
–Ensures the confidentiality, integrity and availability of University data
–Classifies all University information as Public, Internal, Sensitive, or Highly Sensitive, according to Data Classification Guidelines

who are the data stewards? do we list them?

Univ community
Protect the privacy and security of University information, applications, computer systems, and networks under their control
Adhere to all relevant data handling standards
Report suspected violations of this policy to the Director of Information Security or to the appropriate Data Steward

Categorization of University data Determined by the degree of expected impact on the University or individuals if University information is mishandled.

Categories of University Data
Public
Internal
Sensitive
Highly sensitive

Data category: Public Information intended for public use that, when used as intended and not altered, would have no adverse impact on University operations, University assets, or individuals.

examples of public data PR releases

Data category: Internal Information not intended for parties outside the University community that, if disclosed, would have minimal or no adverse impact on University operations, University assets or individuals.

examples of Internal data directory info?

Data category: Sensitive Information that, if mishandled, could be expected to have a serious adverse effect on University operations, University assets or individuals.

examples of restricted data

Data category: Highly sensitive Information that, if mishandled, could be expected to have a severe or catastrophic adverse effect on University operations, University assets or individuals.

examples of highly sensitive data

interaction sorting data by types?

Enforcement of info sec policy
The University will investigate suspected violations, and may recommend disciplinary action in accordance with University codes of conduct, policies, or applicable laws.
Sanctions may include one or more of the following:
–Suspension or termination of access
–Disciplinary action up to and including termination of employment
–Student discipline in accordance with applicable University policy
–Civil or criminal penalties

Transition? how do we move from Info sec policy to rest of topics?

Data Handling Standards
Get permission from data steward for access
Use and share info with others only according to standards

Safe data handling (could be interactive—choose correct answers)
Secure handling procedures:
Lock screen when leaving computer
Turn monitor from door
Keep hard copies locked in desk when not in use
Lock your office door when leaving room
Never leave hard copies in printer/copier
Store electronic files in Netfile

Disposal methods
Data/information
–Shred paper copies
–Use spy-bot to electronically shred files
Technology
–clean hard drives before disposal

Safe computing
Includes using tools such as
–TakeCharge
–virus protection
–anti-spyware
–Use SENF to find files containing sensitive data
–laptop encryption
Safe Web surfing
–all your precautions can be undone by visiting the wrong site

Myths about security
No one wants my stuff
A little surfing hurts no one
The University/OIT is protecting me

Points to remember
Information Security is an ever evolving responsibility
policies are being developed and implemented over time

Want more info? secure.nd.edu reporting violations

my points Missing: –secure work space

presentation issues
travel theme
–road signs (caution signs, stop signs, billboards, street signs, etc.)
–could use roadmap (sorry!) to mark progression through course
interactions
–click to advance to next slide?
–questions interspersed with text? how often?
–does wrong answer send them back or just get right answer told to them?
–Matching? Multiple choice?
–do we keep score?

More issues
length
–this covers topics chosen but seems way too long
–any ideas on what to cut, if anything? adverse effects maybe?
–ideas on focus of subsequent training?