Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security Awareness

Similar presentations


Presentation on theme: "Data Security Awareness"— Presentation transcript:

1 Data Security Awareness
3/5/2015 Data Security Awareness Brenda Meyer, Migrant Data Consultant Mar 5, 2015

2 Objectives Why is collected and where is it stored
Federal and State Student Privacy Laws How is the Student Information Used Student Data Destruction Student Information Safeguards State of Colorado Secure Server 2

3 Migrant Student Data Why Do We Collect Student Information?
State and Federal Law Where is the information stored? Local file cabinets and state and local databases Who has access to student data? Authorized and authenticated migrant educational personnel Access is restricted and actively monitored 3

4 Federal and State Student Privacy Laws
Student privacy procedures is fully adhere to the guidelines set forth in Federal and State law. Family Educational Rights and Privacy Act (FERPA) To access the FERPA click link below Protection of Pupil Rights Amendment (PPRA) To access the PPRA click on link below MSIX Rules of Behavior Colorado New Generation System (NGS) User Agreement NGS User Oath Identity Management - RITS 4

5 How Is Student Information Used?
Individual Student Data Uses: Enrollment Placement Credit accrual Tracking of services Individual student growth Aggregated Student Data Uses: Federal and State reporting and funding Regional Performance Reports Program evaluation and measures Regional Improvement Plans 5

6 Student Data Destruction
When is individual student information archived or deleted? All individual student data is encrypted and stored securely Access is restricted and actively monitored Individual student records are rendered non-individually identifiable this includes data stored on: Computer, Tablet, IPad CD/DVD Thumb drives Secondary storage technology (e.g. zip drives) Destruction of student records older than 10 years (NRG, Chapter XI, State Administration, C3) All sensitive student data housed on MEP funded retired desktop computer and/or laptop must be removed and destroyed prior to destruction The storage of all sensitive student data must be deleted or destroyed. This includes sensitive data placed in the student’s record 6

7 Student Information Safeguards
How is the Information Safeguarded? Approved access control Strong password Protect access accounts, privileges, and associated passwords (E.g. Not sharing password and not logging on for others) Laptop/mobile device password locks Data Sharing Use of SASID must be isolated from student data and student names Strong encryption Secure Transit When disclosing sensitive student information to CDE, the information must be sent via CDE’s Secure File Transfer Protocol (SFTP) When disclosing sensitive student information to districts, the information must be encrypted and all safeguards must be used to restrict access 7

8 Migrant Student Information Access
Users requesting access to State and Federal Migrant Student Information Systems must first complete training and must agree to comply with state and federal requirements. Each user requesting access must first have prior approval from the regional migrant director. The regional migrant director must then submit a request to the SEA requesting access on the individuals behalf. The SEA will grant access to authorized users it deems necessary. Each user must complete the Colorado NGS User Agreement, NGS User Oath Form, MSIX Application and Identity Management prior to being granted access to state and federal information systems. Each user must comply with the requirements. Failure to comply may result in disciplinary action up to and including denial of access and other consequences determined by appropriate entities. Upon termination from the Migrant Education Program, your Regional Director must submit a deactivation notice to the SEA. 8

9 Activity Form two groups of 5
How well are you aware of data privacy and security awareness? Each group has 1 minute to respond with the answer. Prizes will be awarded to the group with the most points. 9

10 CDE Secure File Transfer Server
CDE’s Secure File Transfer Server (SFTP) provides a means to securely transfer sensitive data files. It meets the needs of CDE staff that send and receive sensitive data to and from external clients and collaborators. To access the server you need access to the Internet and a web browser. You must register and activate your account to receive and send files. 10

11 Register and Activate Your Account
You will receive an containing a delivery notification and a link to the User Registration form. Please follow these instructions: Click on the link to the User Registration form in the . Complete the User Registration form by entering the required fields. [Click Register] You will receive an containing an activation link along with your user name and an activation code. Click the [Activation Link] to activate your account; this will take you to the User sign in screen. You will also receive an confirming account activation with a link to the User sign in screen. 11

12 Access to Secure Data The purpose of the CDE Secure File Transfer Server is for secure data transfer, not long-term storage. All data on this server is deleted periodically using a secure removal program. Data is purged 14 days after it is deposited. All data uploaded and downloaded to the secure server is encrypted in transit. Users have access only to the files they have uploaded or files that have been sent as a secure delivery to their account. User accounts on the CDE Secure File Transfer Server are valid as long as they are actively being used, otherwise after 90 days of inactivity the user account will be automatically removed. 12

13 Java Runtime Environment
Note for External Users: To enhance the file transfers, it is highly recommended to have the Java™ Runtime Environment (JRE) be installed and integrated with your browser on your system. You may be asked the following. Click [Yes] 13

14 Create a User ID and Password
14

15 User Registration 15

16 Log In 16

17 Sign Out 17

18 Downloading a File When you receive an notification of a secure delivery, click the link in the or go directly to the server and sign in to CDE’s Secure File Transfer Server. Sign in to CDE’s Secure File Transfer Server ( on the user sign in screen. Type your Username and Password. Click [Sign in] From the Home page, click [View Your Deliveries] Received. On the Your Deliveries: Received screen, click the [Subject link]. On the Your Delivery screen, click the [File Name Link] to download the file to your hard drive. The sender will receive notification that you have viewed the delivery. 18

19 Uploading a File Sign in to CDE’s Secure File Transfer Server ( on the user sign in screen. Type your Username and Password. Click [Sign in] From the Home page, click [Create an Express Delivery]. On the Express Delivery screen: Enter recipient’s address. Separate multiple addresses with commas or semicolons. Enter Subject. Type a brief secure message. This message will only be visible when the recipient signs in to view the delivery. Use the Browse button to search your system files and select a file. [Click Open]. You may upload multiple files. Click [Send]. This will securely upload the file to the server and send the recipient an delivery notification with a link to the file. 19

20 Submitting files VIA the CDE Secure File Transfer Site
20

21 Step 2 and 3 Follow link and Click Received
21

22 Step 4 Click Message Subject
22

23 Step 5 Click Reply Securely
23

24 Step 6 Click Add File 24

25 Step 7 Upload File(s) 25

26 Step 8 Add a Message Send Reply
26

27 Step 9 Confirmation To Add Message
27

28 Step 10 File Successfully Sent
28

29 External vs. Internal Users
External users can only receive packages. Internal users can receive, create and send packages. The SEA will determine who will require External or Internal access to the SFTP site. 29

30 Home Screen Click on [Home] to navigate back to the home screen options. Click on the [Help link] to access Q&A and Delivery server help. 30

31 Technical Support For all technical support issues, please contact the CDE Helpdesk at or by Contact me by 31

32 Thank you for Participating Enjoy the rest of the Conference!
32


Download ppt "Data Security Awareness"

Similar presentations


Ads by Google