Information Security Awareness, April 13, 2003


1 Information Security Awareness April 13, 2003

2 Motivation
- Recent federal and state regulations and guidance
- Our responsibility to safeguard private info
- Rapid growth in the number, frequency, and destructiveness of electronic attacks
- Failure to take appropriate safeguards leaves college open to civil lawsuit

3 Actions Taken
- HIPAA task force
- Appointment of Information Security Officer, Information Security Coordinator
- Task force to examine GLB compliance
- Survey of private information held by departments covered by GLB
- Draft Information Security Plan for GLB

4 Actions Taken (continued)
- Centrally managed virus protection
- Servers in a secured area
- Frequent systems backups, offsite tape storage
- Network traffic management tools regulate, diagnose incursions and policy violations
- Firewall, Virtual Private Network
- SSN to Generated ID conversion plan

5 Next Steps
- Policy and Procedures review
- Clarification of covered information
- Review account security
- Approve Information Security Plan (ISP)
- Self-assessment using ISP
- Make security adjustments in policies, practices, ISP
- Tighten electronic security to reduce liability

6 In The Meantime
- Be sensitive to what private individual information you hold
- If you don’t need it to do your job, give it back to the information custodian
- Use common sense to protect its privacy
- Follow written policies and procedures
- Report breaches to Mary Holland (ISO) or Kevin Connolly (ISC)

7 Basic Systems Security
- Keep confidential paper records locked
- Wipe data from old media before disposal
- Keep user IDs and passwords private
- Change passwords frequently
- Don’t share your account
- Log off when you leave
- Lock your office when you leave
- Report suspected violations

8 SSN/Generated ID Conversion Project
- IT conducted an assessment of effort required to
  - convert systems from using SSN as ID to a generated ID
  - remove use of SSN as a password
- Not a legal requirement but a method of risk reduction against electronic theft

9 Generated ID Project Scope
- Banner plus 7 other systems use SSN as an ID (highest risk)
- 3 systems use SSN for password (low risk)
- Immediate risk reduction: Web for Faculty implementation reduces exposure of SSN
- New network, email, Blackboard passwords to be generated values fall ’04

10 Project Timing
- 1-2 year project depending on resources available and intervening priorities
- Development and test takes most of time
- Conversions to occur quickly at project end
- VPs have approved project
- Work commences after Web for Faculty and online credit card payment completes

11 Questions?

