Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?"— Presentation transcript:

1 Data Security At Cornell Steve Schuster

2 Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell? ► What can we do?

3 Why Do We Care? ► Current federal and state law  Family Educational Rights and Privacy Act (FERPA)  Health Insurance Portability and Accountability Act (HIPAA)  Gramm-Leach-Bliley Act (GLBA)  Compromise notification laws ► 32 states ► NYS became law December 8, 2005 ► Growing social expectations due to rise in identity theft awareness ► Need to protect Cornell’s reputation

4 NYS Notification Law ► Cornell must notify and report if protected data is reasonably believed to have been inappropriately accessed ► Protected data  Name with ► Social security number ► Credit card number ► Bank account number with associated PIN ► Drivers license number ► Notification requirements  Personal notification  NYS reporting

5 Why Do We Care?

6

7

8

9 Our Biggest Challenges ► Changing/emerging law ► Growing social expectations and requirements ► Our general “openness” can make us an easier target  Cornell network  Home users  Roaming Cornell resources ► Changing the way data are handled, transmitted and protected around campus ► Answering institutional questions ► Complexity due to decentralized IT support complicates the identification of critical or sensitive resources/data ► Preparing for a legal defense now

10 Steps the University Is Taking ► New policy addressing minimum security standards ► Continue to investigate optional/additional security measures ► Formation of a Data Incident Response Team ► Determine if we should be assessing computers as they come onto our network ► More active security assessments ► Better security awareness for our users

11 Steps We Must All Take ► Identify the data on your systems and within your departments – You are responsible for the data  Social Security Numbers  Credit card numbers  Drivers license numbers ► Notify your IT staff of the data on your system if these data are sensitive ► Work with your local IT staff to ensure your system is protected  If in doubt ask ► Before performing any action on your computer ask if there’s a chance this action might put the data at risk  Clicking on e-mail attachments  Turning off the firewall, anti-virus  Installing programs from the internet ► If you work from home using personal computers  YOU are responsible for the security of your computer  Home wireless can be a particularly troublesome area  Unless it can’t be helped never store regulated data on home computers  www.cit.cornell.edu/computer/security/secure.html www.cit.cornell.edu/computer/security/secure.html

12 End User Security www.cit.cornell.edu/computer/security/secure.html

13 Other Useful Links ► Information on Identity Theft  www.consumer.gov/idtheft www.consumer.gov/idtheft  www.consumer.gov/idtheft www.consumer.gov/idtheft ► User Guidance  www.cit.cornell.edu/computer/security/secure.html www.cit.cornell.edu/computer/security/secure.html  www.cit.cornell.edu/services/identity/ www.cit.cornell.edu/services/identity/ ► University Policies  Reporting Security Incidents ► www.policy.cornell.edu/vol5_4_2.cfm www.policy.cornell.edu/vol5_4_2.cfm  Network Registration ► www.policy.cornell.edu/vol5_7.cfm www.policy.cornell.edu/vol5_7.cfm  Authentication of IT Resources ► www.policy.cornell.edu/vol5_8.cfm www.policy.cornell.edu/vol5_8.cfm  Computer Abuse ► www.policy.cornell.edu/Abuse_of_Computers_and_Network_Systems.cfm www.policy.cornell.edu/Abuse_of_Computers_and_Network_Systems.cfm ► General Campus Security Links  www.cit.cornell.edu/computer/security/ www.cit.cornell.edu/computer/security/

14 Questions?

Download ppt "Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?"

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.

Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
Security Controls – What Works

Security Controls – What Works
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
University of California, Irvine TechnoExpo, September 20041 Security Awareness for Web Developers Katya Sadovsky Administrative Computing.

University of California, Irvine TechnoExpo, September Security Awareness for Web Developers Katya Sadovsky Administrative Computing.
New Faculty Orientation to Privacy and Security at UF Susan Blair, Chief Privacy Officer Kathy Bergsma, Information Security.

New Faculty Orientation to Privacy and Security at UF Susan Blair, Chief Privacy Officer Kathy Bergsma, Information Security.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

Similar presentations

Ads by Google