Securing Information in the Higher Education Office.



3 Securing Information in the Higher Education Office


5 Information Security Office
MISSION:
– Build Security Awareness
– Maintain and Develop Information Security Policy
– Investigate Information Security Incidents
Protecting Our Constituent Information is a Team Effort

6 Information Security for Your Office
Alphabet Soup
– Laws, Rules, Regulations, Policies, Standards
Best Practices
– Data Classification And How to Classify Data
– Protecting Information

7 Information We Keep
Students, Faculty, Staff, Donors, Contractors
– Financial Records
– Grades
– Credit Card Information
– Health Care Information
– Addresses
– Phone Numbers
– Insurance Records
– Social Security Numbers
All Protected By Law!

8 Alphabet Soup
So Many Laws...
– FERPA
– HIPAA
– PCI-DSS
– GLB
– SOX
– “Red Flag” Alerts
– California SB 1386§28- 51-

9 Alphabet Soup
... And Institutional Policy!

10 Alphabet Soup
P. I. I. – Personally Identifiable Information
The One Acronym That Says it All!

11 Best Practices
Know the Data Your Office Handles
– Data Classification
Know How to Safeguard the Data
– Protecting Information

12 Best Practices
Know what to protect
– Data Classification
   Method to identify the level of protection various kinds of information need or require

13 Data Classification Example
Data Classification—Level One
– Private information that must be protected as required by law, industry regulation, or by contract
   Examples?
– Consequences of loss
   Loss of funding
   Fines
   Bad Publicity
   Expose students, staff, contractors, donors to identity theft

14 Data Classification Example
Data Classification—Level Two
– Protected information that may be available through Freedom of Information Act Requests to Examine or Copy Records. Or, state sunshine laws
   Examples?
– Consequences of loss
   Loss of funding
   Fines
   Bad Publicity
   Expose students, staff, contractors, donors to identity theft

15 Data Classification Example
Data Classification—Level Three
– Public Information
   Examples?
– Consequences of loss
   Loss of personal use of a computer
   Loss of personal data with no impact to the university
   Bad Publicity

16 Best Practices
How Can Data be Lost?
– Laptop or other data storage system stolen from car, lab, or office.
– Research Assistant accesses system after leaving research project because passwords aren't changed.
– Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer.
– Unsecured application on a networked computer is hacked and data stolen.

17 Best Practices
Protecting Information
– Don’t let personnel issues become security issues
– Control access to buildings and work areas
– If you print it—go get it right away
– Lock up sensitive information—including laptops
– Store sensitive information on file servers
– Shred it if you can
Know Your School’s Information Handling Policies

18 Best Practices
Protecting Information
– Use strong passwords
– Change passwords often
– Use different passwords on different systems
– Never share your password
– Password protect your screensaver
Manually lock your screen whenever you leave your desk

19 Best Practices
Protecting Information
– Be sure your office computers’ operating systems and anti-virus software are up-to-date
– Remind staff to never open unsolicited email from an unknown source or click on unfamiliar web addresses
– Follow computer salvage procedures—for disks, too!

20 Best Practices
Know who to call!
– I think an office computer is infected, what do I do?
– I think I lost the USB drive I used to take some sensitive files home to work on, what do I do?
