
1 © 2012 Boise State University. Information Security for Your Office. Created By OIT Information Security Services. http://oit.boisestate.edu/security/

2 Universities in the News! University of Idaho: 70,000 Donor Records. University of Texas at Austin: 225,000 Student Records. UCLA: 500,000 Student Records.

3 University NOT in the News! Boise State University: Zero Lost Records So Far! Go Broncos!

4 Information We Keep. Students, Faculty, Staff, Donors, Contractors. Financial Records, Grades, Credit Card Information, Health Care Information, Addresses, Phone Numbers, Insurance Records, Social Security Numbers. All Protected By Law!

5 Alphabet Soup. So Many Laws... FERPA, HIPAA, PCI-DSS, GLBA, SOX, Red Flag Alerts, Idaho Code §28-51-105, §28-51-

6 Alphabet Soup. Information Technology Resource Use (8000): http://policy.boisestate.edu/wp-content/uploads/2011/05/8000_informationtechnologyresourceuse.pdf Information Privacy and Security (8060): http://policy.boisestate.edu/wp-content/uploads/2011/05/8060_InformationPrivacySecurity.pdf Cash Handling (6010): http://policy.boisestate.edu/wp-content/uploads/2011/05/6010_CashHandling.pdf

7 Alphabet Soup. What is PII? Personally Identifiable Information. The One Acronym That Says it All!

8 Best Practices. Know the Data Your Office Handles: Data Classification. Know How to Safeguard the Data: Protecting Information.

9 Best Practices: Data Classification. Method to identify the level of protection various kinds of information need or require. A rubric of three levels of sensitivity: Level One - Private; Level Two - Protected; Level Three - Public. http://oit.boisestate.edu/security/it-security-policy-and-procedures/dataclassification/

10 Best Practices: Data Classification. Level One – Private: information that must be protected as required by law, industry regulation, or by contract. Examples: student or employee records; social security numbers; A numbers; grades; employee performance reviews; personnel files; personally identifiable information. Consequences of loss: Loss of funding; Fines; Bad Publicity; Expose students, staff, contractors, donors to identity theft.

11 Best Practices: Data Classification. Level Two – Protected: information that may be available through Freedom of Information Act Requests to Examine or Copy Records, or Idaho's Open Records Law. Examples: internal e-mails; meeting minutes; unit working & draft documents. Consequences of loss: Loss of funding; Fines; Bad Publicity; Expose students, staff, contractors, donors to identity theft.

12 Best Practices: Data Classification. Level Three – Public Information. Examples: standard practice guides and policies; college plan; personal directory; maps; course catalog; public web page; press releases; advertisements; schedules of classes. Consequences of loss: Loss of personal data with no impact to the university; Bad Publicity.

13 Best Practices: Data Classification How To. CIA: The Big Three of Information Security. Confidentiality: the need to strictly limit access to data to protect the university and individuals from loss. Integrity: data must be accurate and users must be able to trust its accuracy. Availability: data must be accessible to authorized persons, entities, or devices. http://oit.boisestate.edu/security/it-security-policy-and-procedures/dataclassification/how2classdata/

14 Best Practices: Data Classification. How Can Data be Lost? Laptop or other data storage system stolen from car, lab, or office. Research Assistant accesses system after leaving research project because passwords aren't changed. Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer. Unsecured application on a networked computer is hacked and data stolen.

15 Best Practices: Data Classification. How To Protect Systems: Minimum Security Standard for Systems.

16 Best Practices: Protecting Information. Don't let personnel issues become security issues. Control access to buildings and work areas. If you print it, go get it right away. Lock up sensitive information, including laptops. Store sensitive information on file servers. Shred it if you can. Know Boise State Information Handling Policies.

17 Best Practices: Protecting Information. Use strong passwords. Change passwords often. Use different passwords on different systems. Never share your password. Password protect your screensaver. Manually lock your screen whenever you leave your desk.

18 Best Practices: Protecting Information. Be sure your office computers' operating systems and anti-virus software are up-to-date. Remind staff to never open unsolicited email from an unknown source or click on unfamiliar web addresses. Follow computer salvage procedures, for disks too!

19 Example of Poor Practices. The next two slides show articles from a local newspaper regarding an insurance agency just "Dropping Off" boxes full of personal records at a local recycling center. These boxes were left after hours when the recycling center was closed. The article states that it could have been an "Identity Thief's gold mine".

20 [Image: newspaper article]

21 [Image: newspaper article]

22 What to Do! Know who to call! "I think an office computer is infected, what do I do?" Call the Help Desk @ 6-4357. "I think I lost the USB drive I used to take some sensitive files home to work on, what do I do?" Call Information Security Services @ 6-5501.

23 Information Security for Your Office: Incident Response Procedure

