Securing Information in the Higher Education Office - PowerPoint PPT Presentation


Title: Securing Information in the Higher Education Office


3
Securing Information in the Higher Education
Office
5
Information Security Office
  • MISSION
  • Build Security Awareness
  • Maintain and Develop Information Security Policy
  • Investigate Information Security Incidents
  • Protecting Our Constituent Information is a Team
    Effort

6
Information Security for Your Office
  • Alphabet Soup
  • Laws, Rules, Regulations, Policies, Standards
  • Best Practices
  • Data Classification
  • And How to Classify Data
  • Protecting Information

7
Information We Keep
  • Students, Faculty, Staff, Donors, Contractors
  • Financial Records
  • Grades
  • Credit Card Information
  • Health Care Information
  • Addresses
  • Phone Numbers
  • Insurance Records
  • Social Security Numbers
  • All Protected By Law!

8
Alphabet Soup
  • So Many Laws . . .
  • FERPA
  • HIPAA
  • PCI-DSS
  • GLB
  • SOX
  • Red Flag Alerts
  • California SB 138628-51-

9
Alphabet Soup
  • . . . And Institutional Policy!

10
Alphabet Soup
  • P. I. I.
  • Personally Identifiable Information
  • The One Acronym That Says it All!

11
Best Practices
  • Know the Data Your Office Handles
  • Data Classification
  • Know How to Safeguard the Data
  • Protecting Information

12
Best Practices
  • Know what to protect
  • Data Classification
  • Method to identify the level of protection
    various kinds of information need or require

13
Data Classification Example
  • Data Classification: Level One
  • Private information that must be protected as
    required by law, industry regulation, or by
    contract
  • Examples?
  • Consequences of loss
  • Loss of funding
  • Fines
  • Bad Publicity
  • Expose students, staff, contractors, donors to
    identity theft

14
Data Classification Example
  • Data Classification: Level Two
  • Protected information that may be available
    through Freedom of Information Act Requests to
    Examine or Copy Records, or state sunshine laws
  • Examples?
  • Consequences of loss
  • Loss of funding
  • Fines
  • Bad Publicity
  • Expose students, staff, contractors, donors to
    identity theft

15
Data Classification Example
  • Data Classification: Level Three
  • Public Information
  • Examples?
  • Consequences of loss
  • Loss of personal use of a computer
  • Loss of personal data with no impact to the
    university
  • Bad Publicity

16
Best Practices
  • How Can Data be Lost?
  • Laptop or other data storage system stolen from
    car, lab, or office.  
  • Research Assistant accesses system after leaving
    research project because passwords aren't
    changed.  
  • Unauthorized visitor walks into unlocked lab or
    office and steals equipment or accesses unsecured
    computer.  
  • Unsecured application on a networked computer is
    hacked and data stolen.

17
Best Practices
  • Protecting Information
  • Don't let personnel issues become security issues
  • Control access to buildings and work areas
  • If you print it, go get it right away
  • Lock up sensitive information, including laptops
  • Store sensitive information on file servers
  • Shred it if you can
  • Know Your School's Information Handling Policies

18
Best Practices
  • Protecting Information
  • Use strong passwords
  • Change passwords often
  • Use different passwords on different systems
  • Never share your password
  • Password protect your screensaver
  • Manually lock your screen whenever you leave your
    desk

19
Best Practices
  • Protecting Information
  • Be sure your office computers' operating systems
    and anti-virus software are up-to-date
  • Remind staff to never open unsolicited email from
    an unknown source or click on unfamiliar web
    addresses
  • Follow computer salvage procedures, for disks,
    too!

20
Best Practices
  • Know who to call!
  • I think an office computer is infected, what do I
    do?
  • I think I lost the USB drive I used to take some
    sensitive files home to work on, what do I do?

About This Presentation
Title:

Securing Information in the Higher Education Office

Description:

The Big Three of Information Security: Confidentiality, the need to strictly limit access to data to protect the university and individuals from loss; Integrity ...

Slides: 22
Provided by: bob1415