1 / 0

DATA SECURITY

DATA SECURITY. Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information, Intellectual Property Information, Departmental Budget Information, Student Grades, Staff Salaries. DATA SECURITY - THE PROJECT.

mave
Télécharger la présentation

DATA SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information, Intellectual Property Information, Departmental Budget Information, Student Grades, Staff Salaries
  2. DATA SECURITY - THE PROJECT The Data Security Project’s charge is to make contact with as many schools, departments and organizations here on campus as possible with a directive to review current data handling practices, educate on best practices and supply tools that will help to maintain a secure environment for Confidential and Sensitive information. The process starts with a simple survey to determine what types of information the staff in your organization work with. After responses are collected respondents are contacted and individual interviews are scheduled in order to further review data security processes. Finally there is a reporting and education piece that will assist the department in correcting and/or strengthening the handling of confidential and sensitive information within the department.
  3. DATA SECURITY TAKE STOCK SCALE DOWN LOCK IT PITCH IT PLAN AHEAD
  4. DATA SECURITY TAKE STOCK Inventory all file storage and electronic equipment. Know where your department stores sensitive data. Talk to your employees and outside service providers to determine who sends personal information to your department and how it is sent. Consider all the ways you collect personal information and what kind of information you collect. Review where you keep information you collect and who has access to it.
  5. DATA SECURITY TAKE STOCK SCALE DOWN LOCK IT PITCH IT PLAN AHEAD
  6. DATA SECURITY SCALE DOWN Use Social Security Numbers only for required and lawful purposes. Don’t use Social Security Numbers as employee/student identifiers. Keep credit card information only if your department has a business need for it and never keep it stored electronically. Make certain that your department is PCI (Payment Card Industry) Compliant in accepting credit card information. Visit http://creditcards.rice.edu for more information. Review any forms that you use to gather data and revise them to eliminate requests for information that you don’t need. Credit or debit card receipts that you give to customers should not include the card expiration date or more than the last 5 digits of the card number. Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.
  7. DATA SECURITY TAKE STOCK SCALE DOWN LOCK IT PITCH IT PLAN AHEAD
  8. DATA SECURITY LOCK IT Put documents and other materials containing personally identifiable information in a locked room or file cabinet. Remind employees to put files away, log off or lock their computers, and lock their file cabinets and office doors at the end of the day. Review access controls to your departmental office. Modify controls as needed to make certain that the office is secure. Encrypt sensitive information if you must send it over public networks. Regularly run up-to-date anti-virus and anti-spyware scans on individual computers. Require employees use strong passwords.
  9. DATA SECURITY LOCK IT Caution employees against transmitting personal information insecurely via email. Encrypt all laptop hard drives, most especially those used to process confidential or sensitive data. Report data security breaches right away to the Rice Police Department by calling 713-348-6000. Create a procedure to make sure that workers who exit the University no longer have access to sensitive information within your department. Continue to educate employees on how to avoid phishing and other internet scams that could cause a data breach.
  10. DATA SECURITY TAKE STOCK SCALE DOWN LOCK IT PITCH IT PLAN AHEAD
  11. DATA SECURITY PITCH IT Dispose of paper records by cross cut shredding. Make sure that your staff is separating documents that are safe to trash from the sensitive data documents that need to be shredded. Make shredders available throughout the workplace including next to the photocopier. Contact the Rice Helpdesk in order to coordinate the wiping of computer hard drives from old computers that your department may wish to sell or dispose of. Give traveling employees and those who work from home a list of procedures for properly disposing of sensitive documents, old computers and portable devices.
  12. DATA SECURITY TAKE STOCK SCALE DOWN LOCK IT PITCH IT PLAN AHEAD
  13. DATA SECURITY PLAN AHEAD Notify the Rice Police Department immediately in the event of a data security breach. Immediately disconnect a compromised computer from the internet. Distribute Data Security Best Practices to all incoming new employees and schedule a regular review of these practices with your current staff.
  14. DATA SECURITY Data Security Project Software Tools As part of the Data Security Project Information Technology is making available software tools that will assist users in further protecting electronic confidential and sensitive Data. PGP Whole Disk Encryption Whole disk encryption software
  15. DATA SECURITY Data Security Project Software Tools In support of the review, the Information Technology Security Office provides and supports software tools to find Personally Identifiable Information (PII) residing on computers and encrypt computers and drives used to process it. We also provide consulting and guidance for other options as well, including sending information securely, Microsoft Office and Adobe document encryption, and Mobile Device Management (MDM) strategies for both Google Android and Apple iOS phones and tablets.
  16. DATA SECURITY For questions on Information Technology Security please contact: Marc Scarborough Information Security Officer 713-348-5735 marcs@rice.edu For a copy of Data Security Best Practices or if you have any questions or concerns about data security please contact me directly: Frank Rodriguez Project Manager - Data Security Project 713-348-6295 infoprotect@rice.edu
  17. DATA SECURITY Visit the Data Security Website: http://www.it.rice.edu/datasecurity Questions?
More Related