Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virginia Tech’s Effective Practices for Managing Sensitive Data Common Solutions Group January 11, 2008.

Published bySydney Webb Modified over 9 years ago

Similar presentations

Presentation on theme: "Virginia Tech’s Effective Practices for Managing Sensitive Data Common Solutions Group January 11, 2008."— Presentation transcript:

1 Virginia Tech’s Effective Practices for Managing Sensitive Data Common Solutions Group January 11, 2008

2 VT EP for Managing Sensitive Data Our needs… Stay out of the Press. Stay out of the courts. Preserve the integrity of the data. Respect the privacy of our students and employees.

3 VT EP for Managing Sensitive Data Education On-demand Compliance HR Disciplinary Action Building Blocks Acceptable Use Policy Data Classification Tools SSL Pre-2003 #1: Do what you can when you can do it.

4 VT EP for Managing Sensitive Data #2. Create a framework for doing it.

5 VT EP for Managing Sensitive Data #3. Garner support from the Big Sticks. Board of Visitors University Legal Counsel Internal Audit Campus Police

6 VT EP for Managing Sensitive Data Education Awareness sessions Faculty Dev. Institute Communication SANS-EDU Compliance ITSO Security Reviews Audit Building Blocks Authority Docs VTCA Policies (SSN) Standards (PII) Tools Find_SSN Find_CCN Encryption 2008 #4. Don’t think you’re done.

7 VT EP for Managing Sensitive Data Security Standards for Social Security Numbers IT Standards –SSN on display screens, reports –Security protocol to access SSN on VT DB –Electronic Storage of SSN (encrypt it) –Electronic transmission of SSN (encrypt it) –Obtain permission to include SSN in ANY electronic system Records management handles paper documents

8 VT EP for Managing Sensitive Data Benefits Lack of a complete solution has not prevented us from implementing partial solutions. Everyone has a role. –Members of the IT organization and the university have increased their involvement, interest and awareness in security through policy development, tool development and by participating in VT IT Security Task Force.

9 VT EP for Managing Sensitive Data Challenges Pulling all the pieces together to create a comprehensive plan for securing personally identifying information (PII).

10 VT EP for Managing Sensitive Data Future Plans Meet the challenge!

11 VT EP for Managing Sensitive Data References Virginia Tech IT-Related University Policies http://www.policies.vt.edu/index.php#it http://www.policies.vt.edu/index.php#it Security Standards for Social Security Numbers http://computing.vt.edu/administrative_systems/banner/s ecurity%20standards_5July05.pdf http://computing.vt.edu/administrative_systems/banner/s ecurity%20standards_5July05.pdf Virginia Tech Certification Authority http://www.pki.vt.eduhttp://www.pki.vt.edu Virginia Tech Information Technology Security Office http://security.vt.edu http://security.vt.edu Virginia Tech IT Security Task Force https://content.cc.vt.edu/confluence/display/ITS/Home https://content.cc.vt.edu/confluence/display/ITS/Home Administrative Data Management and Access Policy http://www.policies.vt.edu/7100.pdf http://www.policies.vt.edu/7100.pdf

Download ppt "Virginia Tech’s Effective Practices for Managing Sensitive Data Common Solutions Group January 11, 2008."

Similar presentations

AUTOMATING FREE & REDUCED MEAL APPLICATION PROCESSING Online Submission Presented To Muscogee County GA. SD Image One – 1-800-956-9000 X208 www.Image-1.com.

AUTOMATING FREE & REDUCED MEAL APPLICATION PROCESSING Online Submission Presented To Muscogee County GA. SD Image One – X208
Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner www.ociusmedinfo.com.

Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner
Contract Review Process Round Table Corporate Counsel Section April 11, 2007.

Contract Review Process Round Table Corporate Counsel Section April 11, 2007.
K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.

K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.
The International Security Standard

The International Security Standard
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
SIU School of Medicine Identity Protection Act and Associated SIU Policy.

SIU School of Medicine Identity Protection Act and Associated SIU Policy.
PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014.

PII – Identifying and Managing Risk Presented by: UNL Office of Internal Audit and ITS Security March 2014.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Security Controls – What Works

Security Controls – What Works
Release Management in SAP David Osborne, Planning & Release Management, Canada Customs and Revenue Agency May 20, 2003 Session 2909.

Release Management in SAP David Osborne, Planning & Release Management, Canada Customs and Revenue Agency May 20, 2003 Session 2909.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
Mary Dunker Common Solutions Group January 12, 2010.

Mary Dunker Common Solutions Group January 12, 2010.
Environmental Management Systems Refresher

Environmental Management Systems Refresher
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Similar presentations

Ads by Google