250 likes | 371 Vues
Staff development Day. Security & New Technologies College of Dentistry The Ohio State University. Ahhh , security. Restricted Data. OSU Classifies 3 Levels of Data Public – Ordinary information, freely available (stats, websites, publications, etc.)
E N D
Staff development Day Security & New Technologies College of Dentistry The Ohio State University
Restricted Data • OSU Classifies 3 Levels of Data • Public – Ordinary information, freely available (stats, websites, publications, etc.) • Limited Access – Data with access controlled via username & password (this includes ANY data in any enterprise system, unless otherwise specified, such as SIS, PeopleSoft, etc.) • Restricted
Why is it restricted? • Adversely affect the ability of the University to accomplish its mission • Lead to possibility of identity theft if released • Put the University in a state of non-compliance with various state and federal regulations such as FERPA, HIPAA, or GLBA • Put the University in a state of non-compliance with contractual obligations such as payment card industry (PCI) data security standards
Handling Restricted Data • Data must be secured at all times • Data can not be stored or transported on any non-OSU owned device, not even if it is encrypted • Data can not be emailed to or from a standard email system
What if I need to email restricted data? Don’t Use the Telephone Speak face to face
But… I really, really need to email it • OSUSECURE
How does it work? OSUSECURE
What does the recipient see? • It depends • If they are on the OSU UES… no difference! • Including the OSU Medical Center • By the end of 2014, will include entire University • If they are on a compatible secure system, exactly what you sent, except for a Zix footer! • If they are not using a compliant mail system…
Nothings Perfect • osu.edu ≠ osu.edu • Students are NOT a part of the University Email System (UES) • BuckeyeMail, which is actually a cloud based email service , run, and managed by Microsoft • Restricted Data can not be stored or transported on any non-OSU owned device or network • Uh Oh owned
Mobile Device Considerations • Many, many options • iOS, Android, Blackberry, Windows, etc. • Greater & greater technologies • Variations make a “one-size fits all” approach difficult • Secure access with a password • If possible, encrypt it • Back up important images – to Box! • Don’t store any restricted information • Be prepared to wipe data from the phone if lost or stolen
Anything Else? • No Forwarding if you expect to receive restricted email • Visit https://my.osu.edu to disable forwarding • “Wipe” a lost device at https://email.osu.edu • What if someone sends me restricted data?
What is BuckeyeBox • Cloud Storage, up to 50gb, free for every faculty, staff, & student at OSU • Accessible from any internet device, using just your University credentials (name.nnn + password) • Mobile versions • Application Integration • Collaborative capabilities, with task assignment • NOT FOR RESTRICTED DATA • Yet • Except for FERPA
Why would I use BuckeyeBox? • To share documents with people outside of the College of Dentistry, or The Ohio State University • To store non-restricted data that I might need when I am away from the College (no VPN required) • To distribute documents that I need to track who has seen or modified them • To distribute non-restricted data to students while they are away from the College
I’m in. How do I get started? • Sign up • At https://buckeyebox.osu.edu • Log on • At https://buckeyebox.osu.edu • Get Started • Video
BuckeyeBox! • Box can generate a link, that you can control, to share any content • https://osu.box.com/s/1emdhj3du071v03wgmro • Users need not be Box users to access shared files • Users need not log on to Box to access shared files (but you can password protect your data) • You can keep people from downloading your shared files
Things You Don’t Want • Gone Phishing • Blocking Unwanted Mail
Phishing? • A scam involving email • A “phisher” sends out massive amounts of spam, in the hopes that some people will fall for the scam • Once they have your account information, they will use it however they want • Attack a network • Financial gain • Send more phishing attacks … and someone always does
How do I know? But wait, Who? SCAM Dear Who? “The” All staffs? And most important… OSU will never ask you to divulge sensitive information! Mandatory! Do not ignore! It’s friendly enough… Seems legitimate. It has our logo. And some tiny little important sounding words…