
Information Security on the “Front Lines”

Information Security on the “Front Lines”. Created by OIT Information Security Services http://oit.boisestate.edu/security/. Universities in the News! University of Idaho: 70,000 Donor Records. University of Texas at Austin: 225,000 Student Records. UCLA: 500,000 Student Records.


Presentation Transcript


  1. Information Security on the “Front Lines” Created By OIT Information Security Services http://oit.boisestate.edu/security/

  2. Universities in the News! • University of Idaho: 70,000 Donor Records • University of Texas at Austin: 225,000 Student Records • UCLA: 500,000 Student Records

  3. University NOT in the News! Boise State University Zero Lost Records So Far! Go Broncos!

  4. The Information We Keep Students, Faculty, Staff, Donors, Contractors • Financial Records • Grades • Credit Card Information • Health Care Information • Addresses • Phone Numbers • Insurance Records • Social Security Numbers • All Protected By Law!

  5. Alphabet Soup Everybody Loves Acronyms! • FERPA • HIPAA • PCI-DSS • GLBA • SOX • “Red Flag” Alerts • Idaho Code • §28-51-105

  6. Alphabet Soup PII • Personally • Identifiable • Information • This is the Key Acronym!

  7. Alphabet Soup FERPA • Family • Educational • Rights and • Privacy • Act • Protects the privacy of students’ educational records Non-compliance? • Loss of federal funding • Fines • Expose students to identity theft

  8. Alphabet Soup HIPAA Health Information Portability and Accountability Act • Protect confidentiality of health care information • Protect workers’ health insurance when changing jobs • Standardize electronic health care data interchange Non-compliance? • Fines • Expose students and employees to identity theft

  9. Alphabet Soup PCI-DSS Payment Card Industry Data Security Standard • Industry requirements for protecting customer payment account information • Established by consortium of the major payment card brands Non-Compliance? • Increased fee$ for accepting credit card payments • Mandatory PCI-DSS audits (paid for by Boise State) • Identity Theft

  10. Alphabet Soup GLB • Gramm-Leach-Bliley Act of 1999 • Requires financial institutions to protect their customers’ personally identifiable information • Non-Compliance? • Fines • Exposure of students, families, and employees to identity theft

  11. Alphabet Soup SOX • Sarbanes-OXley Act of 2002 • Requires all publicly held companies to submit an annual assessment of the effectiveness of their internal financial auditing controls to the Securities and Exchange Commission • Officers of the companies must certify that they aren’t “cooking the books”

  12. Alphabet Soup “Red Flag” Alerts • Fair and Accurate Credit Transactions Act • Requires monitoring and alerting for suspicious transactions that could indicate identity theft or fraud • Broad list of “suspicious transactions”

  13. Alphabet Soup Idaho Code §28-51-105 • Idaho’s Identity Theft Law • Requires reporting of security breaches which expose Personally Identifiable Information that can be used to obtain credit, apply for Driver’s License, or apply for other forms of identification

  14. Boise State Policies Information Technology Resource Use (BSU # 8000) • http://policy.boisestate.edu/wp-content/uploads/2011/05/8000_informationtechnologyresourceuse.pdf Information Privacy and Security (BSU # 8060) • http://policy.boisestate.edu/wp-content/uploads/2011/05/8060_InformationPrivacySecurity.pdf Cash Handling (BSU # 6010) • http://policy.boisestate.edu/wp-content/uploads/2011/05/6010_CashHandling.pdf

  15. Alphabet Soup - - TMI !!! • Or “TMA” -- too many acronyms! What should I do?

  16. Protect Constituent Data • If you print it—go get it • Shred it if you can • Be sure you can release it • If you aren’t sure, check with your supervisor • Lock it up! • Don’t leave sensitive information in the open • That includes laptops and other mobile media Know What Boise State Policy Requires

  17. Follow Information Security Best Practices • Use strong passwords • Change passwords often • Use different passwords on different systems • Never share your password

  18. Follow Information Security Best Practices Password protect your screensaver • Manually lock your screen whenever you leave your desk Store sensitive information on file servers Never open unsolicited email from an unknown source or click on unfamiliar web addresses Be sure your computer and anti-virus software are up-to-date

  19. Follow Information Security Best Practices Know who to call • I think my computer is infected, what do I do? • Call the Help Desk at 6-4357 • I think I’ve lost the USB drive I used to take some sensitive files home to work on, what do I do? • Call the Information Security Office at 6-5501

  20. Information Security on the “Front Lines” • Incident Response Procedure http://oit.boisestate.edu/security/it-security-policy-and-procedures/incresponseprocedure/
