Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stanford Computer Security and You . Higher Education  Higher education environment is open, sharing, exploratory, experimental  Many information assets.

Published byCornelia Floyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Stanford Computer Security and You . Higher Education  Higher education environment is open, sharing, exploratory, experimental  Many information assets."— Presentation transcript:

1 Stanford Computer Security and You 

2 Higher Education  Higher education environment is open, sharing, exploratory, experimental  Many information assets and resources  Very complex and robust networking and computing environment

3 Internet  Internet environment is open, sharing, exploratory, experimental  Many information assets and resources  Distributed management  Can be “unsafe”

4  Partner to protect Stanford information assets and resources while supporting the institution’s broad and relatively open access requirements  Works with:  Internal Audit  Networking  Risk Management  Office of General Counsel  Judicial Affairs  Residential Computing  Departments and Schools,  … and You! Information Security Services

5 Focus  Meet legal requirements  Improve individual security knowledge and awareness  Improve administrative systems security  Improve overall SUNet security

6 Legislation: Support Issues  FERPA  Protect private student information  HIPAA  Protect personal health information (PHI)  GLBA  Protect “banking” transaction information  SEVIS  Provide foreign student information  DMCA  Protect copyrighted information  California Law  May not use SSN as identifier  Must disclose compromise of private information Improve Administrative Systems Security

7 Awareness Campaign  Postcards sent to every employee  Web site securecomputing.stanford.edu  Student focus in Fall  Approaching Stanford  Packets on beds  Residence hall contest  Ongoing activities  Stanford 101  Communicating with returning students  Technical security training  Continuing to expand web site Improve Individual Security Awareness

8 Improve Application Security  Participate with the project and support teams  Design security infrastructure  Participated in security reviews Improve Administrative Systems Security

9 Categories of Data Criteria: Use these criteria to determine which data category is appropriate for a particular information or infrastructure system. A positive response to the highest category in any row is sufficient to place that system into that Category. Category A (highest, most sensitive) Category B (moderate level of sensitivity) Category C (very low, but still some sensitivity) Legal requirements Protection of data is required by law (see attached list for specific HIPAA and FERPA data elements) Stanford has a contractual obligation to protect the data Reputation risk High MediumLow Other Institutional Risks Information which provides access to resources, physical or virtual Smaller subsets of Category A data from a school, large part of a school, department Data about very few people or other sensitive data assets Examples  Medical  Students  Prospective Students  Personnel  Donor or prospect  Financial  Contracts  Physical plant detail  Credit Card numbers  Certain management information  Information resources with access to Category-A data  Research detail or results that are not Category-A  Library transactions (e.g., catalog, circulation, acquisitions)  Financial transactions which do not include Category-A data (e.g., telephone billing)  Very small subsets of Category A data Improve Administrative Systems Security

10 Firewall Architecture (c onceptual) Improve Administrative Systems Security

11 Institutional Efforts Today  Filtering extremely high-risk traffic at the border  Proactive scanning  Security alerts  Sampling all five Internet feeds Improve Overall SUNet Security

12 Significant Security Payoff Improve Overall SUNet Security

13 Individual Efforts Today  Set good passwords on all machines  Keep NetDB entries current  Patch appropriately  Practice security at appropriate levels for the data you’re working with  http://securecomputing.stanford.edu

14 Beyond Today  Continue to improve Stanford security  Health check  Patch management  Education What’s Next

15 Contact Information: Security@Stanford.eduSecurity@Stanford.edu and 650 723-2911 http://security.stanford.edu Contact Information: Security@Stanford.eduSecurity@Stanford.edu and 650 723-2911 http://security.stanford.edu How We Can All Help Protect Stanford’s Information Resources  Be aware  Keep your systems clean and healthy  Lead by example

Download ppt "Stanford Computer Security and You . Higher Education  Higher education environment is open, sharing, exploratory, experimental  Many information assets."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.

Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Challenges and Incidents in Higher Ed. About->Presenter Zach Jansen Information Security Officer, Calvin College.

Challenges and Incidents in Higher Ed. About->Presenter Zach Jansen Information Security Officer, Calvin College.
Allison Dolan Program Director, Protecting PII Handling Sensitive Data - WISP and PIRN.

Allison Dolan Program Director, Protecting PII Handling Sensitive Data - WISP and PIRN.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity.

Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity.
Security Controls – What Works

Security Controls – What Works
Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
Data Governance Data Architecture Data Development Database Operations Data Security Management Referene & MDM DW & BI Document & Content Mgmt Meta.

Data Governance Data Architecture Data Development Database Operations Data Security Management Referene & MDM DW & BI Document & Content Mgmt Meta.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Persistent Digital Archives and Library System (PeDALS) A Guide for Wisconsin State Agencies.

Persistent Digital Archives and Library System (PeDALS) A Guide for Wisconsin State Agencies.

Similar presentations

Ads by Google