Keep It Confidential

Prepared by: Security Architecture Collaboration Team

Upload: clayton-james

Post on 14-Dec-2015


Data Confidentiality

• What data is considered confidential?
• Data Classification
  – Public
    • Campus maps
  – Sensitive
    • Contractual obligation to protect
    • Right to Know
  – Restricted
    • Required by law
      – HIPAA
      – FERPA

05/15/2009 2


Data Confidentiality

• Remember the 3R’s
  – Roles
  – Rules
  – Responsibility


Roles

• System Administrator/Technical
• Management
• Faculty
• Student
• Staff


Rules

• PASSHE Policy
• Employment Contract
• Confidentiality Policy
• Risk Assessment


Responsibility

• Everyone


Responsibility

• Individual accountability
• System Administrators and Managers
  – Responsible for safeguarding confidential data
  – Responsible for compliance
  – Responsible for persons under their supervision
• Faculty
  – Responsible for confidential data to which they have access
    • Bio/Demo data (including DOB and SSN)
    • Student Grades and historical data
• Students
  – Responsible for managing their own confidential data
    • Log out of session
    • Do not share passwords
• Staff
  – Responsible for confidential data to which they have access
    • Bio/Demo data (including DOB and SSN)
    • Student Grades and historical data
    • Salary Information


User Security Awareness

• Topics
  – Password use and management
  – Virus protection
  – Phishing/Spam
  – Laptop/Handheld Device
  – Access privileges
  – Data backup and storage
  – Incident response


Security Breaches

• Follow designated policies and procedures


Misuse Penalties

• Civil and Criminal
• Conflict of Interest
• Disciplinary Action


Checklist

• Policies and procedures are in place
• Data submissions are fully protected
  – Data encryption
  – Data transfer agreement
• Penalties for misuse are in writing and are enforced
• Access to data is restricted based on University role
  – Electronic
  – Data storage areas
• Employees sign and understand confidentiality agreement


Checklist

• Timely threat notifications
• Security Breaches
  – Affects institutions’ finances, productivity and credibility
    • Cybercrime
    • Hacking
    • Malware
    • Phishing
    • USB drives


Checklist

• Training program has been developed
  – Re-training conducted based on performance
• Routine evaluations are conducted
• Developed a disaster and recovery plan
• Firewalls are in place
• Routine virus checking, system audits and diagnostics
• Data retention schedule


Checklist

• Notation on all records containing identifiable data (e.g. confidentiality reminder)
• Telecommuting and home offices
  – Same level of security
  – Additional safeguards
    • Minimal data on home computer
    • Security Software
    • Password control
• Secure transport from one location to another


Checklist

• Open-access area security
  – Written data not left out in the open
  – Log out of sessions
• Fax/Copy machines
  – Secure area
  – Cover sheets
  – De-program to recover confidential information
• Established document disposal procedures
• Protection of hard copy information
• Written consent to release to outside agencies
  – Double check before providing information


Confidentiality Agreement


Resources

• PASSHE
• National Cyber Security Alliance (NCSA)
  – http://www.staysafeonline.org
