Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security Overview ORSP Staff AT Desktop Service Team November 18th, 2014.

Published byBarrie Lambert Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Security Overview ORSP Staff AT Desktop Service Team November 18th, 2014."— Presentation transcript:

1 Data Security Overview ORSP Staff AT Desktop Service Team November 18th, 2014

2 2 Objectives ORSP staff will be able to: Recognize confidential data Understand the risks of exposing confidential data Facilitate a dialog within ORSP for increasing security of confidential data

3 3 Why Data Security?

4 4 What Is Confidential Data? Passwords, credentials, or PIN’s Social Security Number and Name Birth date + four digits of SSN and Name Credit Card Numbers Tax ID + Name Driver’s License, State ID, Passport Health Insurance Information Medical or Psychological Counseling Records Bank Account or Debit Card + access code More….

5 5 What Does It Look Like? Budget Spreadsheets (pre-2009) Scanned ID for Travel Invoices (Tax ID)

6 6 Why Bother? Ethical: we care about the privacy of the records we handle on behalf of faculty, staff, and students Trust and Prestige: the University is entrusted with personal information; ORSP granting authority Disruption: when data is lost, lots of paperwork must be completed, processes changed Financial: security Breaches are calculated as a cost per record (sample cost = $64 per record) Think about the institutions you transact with (banking, medical, etc.). How do you want your personal data handled?

7 7 ORSP and Risk Liability 763,000 Social Security Numbers 4,000 are Credit Card Numbers 200 passwords (unanalyzed findings from sensitive data scan) Example cost: 50,000 SSN’s X $64 = $3,200,000

8 8 ORSP and Confidential Data If you’ve worked for ORSP for more than five years, you have confidential data in your file storage. Payroll: SSN’s for faculty, staff, student employees, contractors, etc. Fiscal: Vendor payment vouchers include Tax ID and business name Travel: Passports, CaDL, State ID Passwords: spreadsheets or text files with passwords to University system (or personal systems)

9 9 How Can I Protect My Work at ORSP? Recognize confidential data Remove unused/inactive confidential data files Stop using confidential data files Secure workstation, network, storage (AT Desktop) Be cautious of email phishing Do not leave workstation unattended while logged into sensitive systems

10

11 11

12 12 ORSP Next Steps 1.Reduce the amount of old or unneeded data in ORSP storage (and by proxy, reducing the amount of confidential data) 2.Identify where ORSP uses confidential data in its workflow (where it currently uses it, where it can cease to use it)

13 13 Reduce Inactive Data Review existing share folders to identify non-active folders/files and those that are no longer needed

14 14 Where Does We Use Confidential Data? What ORSP work processes generated the confidential data? Are those processes still required?

15 15 More Resources… CSU Skillport Training (will be replacing former ESIP training) 1.Visit https://ds.calstate.edu/?svc=skillsoft&org=sfsu 2.Select "San Francisco" 3.Login with your SF State ID and password 4.Select "My Plan" For FERPA training: * Find "FERPA" and click "Launch" For Data Security & Privacy Training * Find "Data Security & Privacy" and click "Launch"

16 16 For Questions, Contact: AT Desktop Service Phone: 415-405-5562 Email: at_desk@sfsu.eduat_desk@sfsu.edu Ticket: http://service.sfsu.edu

Download ppt "Data Security Overview ORSP Staff AT Desktop Service Team November 18th, 2014."

Similar presentations

JPMorgan Chase Purchasing Card Training

JPMorgan Chase Purchasing Card Training
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
DOCUMENTATION Missouri Medicaid Audit and Compliance Provider Certification Review Materials.

DOCUMENTATION Missouri Medicaid Audit and Compliance Provider Certification Review Materials.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Presented by: Cassells & Associates, CPA, P.A.. Presented by: An always-on connection to your financials Accounting CS offers a completely new way to.

Presented by: Cassells & Associates, CPA, P.A.. Presented by: An always-on connection to your financials Accounting CS offers a completely new way to.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1EFT / My Reimbursements Project Division of Finance and ISC.

1EFT / My Reimbursements Project Division of Finance and ISC.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
DOCUMENTATION Missouri Medicaid Audit and Compliance Provider Certification Review Materials.

DOCUMENTATION Missouri Medicaid Audit and Compliance Provider Certification Review Materials.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
By: Piyumi Peiris 11 EDO. Swipe cards are a common type of security device used by many people. They are usually a business-card-sized plastic card with.

By: Piyumi Peiris 11 EDO. Swipe cards are a common type of security device used by many people. They are usually a business-card-sized plastic card with.
Protecting Sensitive Information PA Turnpike Commission.

Protecting Sensitive Information PA Turnpike Commission.

Similar presentations

Ads by Google