Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI Development Forum Jim Lowe, Campus Information Security Officer Brian Rust, Communications April 17, 2008.

Published byKristopher Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "PKI Development Forum Jim Lowe, Campus Information Security Officer Brian Rust, Communications April 17, 2008."— Presentation transcript:

1 PKI Development Forum Jim Lowe, Campus Information Security Officer Brian Rust, Communications April 17, 2008

2 Background PKI introduced to campus Part of a broader strategy –Password policy –Levels of Assurance (LOA) How sure are we that you are who you say you are?

3 LOA Recommendations for Access to Personal Information (PI) LOA-1: Doesn’t require access to PI LOA-2: Access to your own PI LOA-3: Access other’s PI

4 PKI Use Cases: the early days Email - digital signatures To encrypt emails Digitally signing mass emails

5 Information is as an Asset: What is restricted information? 895.507 Notice of unauthorized acquisition of personal information. […] (b) “Personal information” means an individual’s last name and the individual’s first name or first initial, in combination with and linked to any of the following elements, if the element is not publicly available information and is not encrypted, redacted, or altered in a manner that renders the element unreadable: 1. The individual’s social security number. 2. The individual’s driver’s license number or state identification number. 3. The number of the individual’s financial account number, including a credit or debit card account number, or any security code, access code, or password that wou ld permit access to the individual’s financial account. 4. The individual’s deoxyribonucleic acid profile, as defined in s. 939.74 (2d) (a). 5. The individual’s unique biometric data, including fingerprint, voice print, retina or iris image, or any other unique physical representation. […] (2) NOTICE REQUIRED. (a) […] an entity that maintains or licenses personal information in this state knows that personal information in the entity’s possession has been acquired by a person whom the entity has not authorized to acquire the personal information, the entity shall make reasonable efforts to notify each subject of the personal information. Restricted data is PII & PHI

6 Recent use cases Registrar’s Privacy and Security Group –To reduce, and where possible eliminate, risk in the receiving, storing, dissemination, and disposal of sensitive data –To cultivate awareness of privacy and security in our individual units, our departments, the division, the campus, and anyone with whom we have contact Emails with restricted info

7 PKI Use Cases: the crystal ball Link with new campus ID card Secure VPN access Desktop/laptop encryption

8 Getting started Me first Why should they care? –Have to –Want to Free samples Work from the top and the middle

9 Marketing strategies Web: doit.wisc.edu, search: pki Email Presentations and demos Newsletter article … Postcard …

10

11

12 Lessons learned Involve management Customer service Process and procedures Plan marketing before rollout

13 Usability Slow to adopt Requires training and awareness Certs expire requiring technical support Integrate with existing ID mgt. Integration with applications –PeopleSoft –Card Space –Higgins –Other…

14 Our questions How have you made PKI more usable in your environment (any tricks of the trade)? Have you established training and docs that you would be willing to share with others? What has been the driving factor in your PKI implementations? What applications do you use with PKI?

15 Questions? ndavis1@wisc.edu lowe@wisc.edu bgrust@wisc.edu

Download ppt "PKI Development Forum Jim Lowe, Campus Information Security Officer Brian Rust, Communications April 17, 2008."

Similar presentations

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Informed Consent.

Informed Consent.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.

Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.
Information Security Policies and Standards

Information Security Policies and Standards
ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV - 2011 NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.

ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.
Identification Card – CS155b. Please fill in form below First Name: ___________ Gender: ___________ Yale Student ID # (digits 3-5): _ _ _ Driver’s License.

Identification Card – CS155b. Please fill in form below First Name: ___________ Gender: ___________ Yale Student ID # (digits 3-5): _ _ _ Driver’s License.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
University of California, Irvine TechnoExpo, September 20041 Security Awareness for Web Developers Katya Sadovsky Administrative Computing.

University of California, Irvine TechnoExpo, September Security Awareness for Web Developers Katya Sadovsky Administrative Computing.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
What is personally identifiable information (PII)? KDE Employee Training Data Security Video Series 1 of 3 October 2014.

What is personally identifiable information (PII)? KDE Employee Training Data Security Video Series 1 of 3 October 2014.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

Similar presentations

Ads by Google