Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security Audit October 13 th, 2010 Thompson School District.

Published byDandre Josephs Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Security Audit October 13 th, 2010 Thompson School District."— Presentation transcript:

1 Data Security Audit October 13 th, 2010 Thompson School District

2 Data Security Audit Anne Gallagher - IT Auditor from Swanhorst & CO Interviewed AP/HR/Purchasing personnel Focus on making sure we do our due diligence to protect the data that we collect and manage that could be used in identity theft SSN/Bank Account/Date of Birth/Federal ID (TIN) (Think about what questions are posed to verify your identity over the phone)

3 Data Security Audit We are the appointed custodians of sensitive information and we must act appropriately Most thefts come from inside  Never give out your password and reset it often to prevent unauthorized access  Protect sensitive information in your work area  Don’t leave sensitive information on your computer when you step away

4 Data Security Audit Processes to be mindful of include:  Transferring sensitive data to flash drives  Transferring sensitive data to laptops  Transferring sensitive data to vendors/3 rd parties Avoid sending through US Mail or E-mail Avoid Faxes both incoming and outgoing unless the fax machine is in a secure location Use secure websites or file transfer programs  Use secure locations on network to store data, avoid storing files containing sensitive information on your local drive

5 Data Security Audit Reports/Hard-Copy Forms  Because we cannot eliminate the use of sensitive information, we must protect it on hard-copy forms.  Hard-copies should be locked up or placed in a secured area when not in use.  Consider physically masking sensitive information Sharpie cover-up Stickers

6 Data Security Audit Reports/Hard-Copy Forms  Destroy hard-copies as soon as no longer needed or retention dead-line passes  Hard-copies that need shredding should be locked up or placed in a secured area until collected.  Limit the number of people handling hard-copies  Review if sensitive information can be removed from reports/forms

7 Data Security Audit Changes to better protect our data?  Review your processes/forms  Obtain locked shred collection bin  Reconfigure workspaces to limit public access to hard-copy documents  Desktop shredders Your thoughts?

Download ppt "Data Security Audit October 13 th, 2010 Thompson School District."

Similar presentations

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.
1 Creating a Data Backup Oakland University University Relations Updated - June 2006.

1 Creating a Data Backup Oakland University University Relations Updated - June 2006.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.

VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.
Consumer Issues Chapter 28.

Consumer Issues Chapter 28.
1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.

1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.
Comergence 3/14/13. What Does Comergence Do? Comergence provides streamlined processing and centralized storage of Correspondent applications nationwide.

Comergence 3/14/13. What Does Comergence Do? Comergence provides streamlined processing and centralized storage of Correspondent applications nationwide.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
HEAVEN’S HANDS COMMUNITY SERVICE H.I.P.A.A. What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act, which was passed.

HEAVEN’S HANDS COMMUNITY SERVICE H.I.P.A.A. What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act, which was passed.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

Similar presentations

Ads by Google