© 2012 boise state university1 click for next slide! information security for faculty and...
TRANSCRIPT
© 2012 Boise State University 1Click for Next Slide!
Information Security for Faculty and Researchers
Created By OIT Information Security Services
http://oit.boisestate.edu/security/
© 2012 Boise State University 2Click for Next Slide!
Information Security for Faculty & Researchers• Role of Information Security Office• State and Federal Law• Boise State Policy• Definitions:
• Personal Data• Institutional Data• Public Data• Intellectual Property• Research Data• Copyrighted Materials• Confidential Information
• Best Practices for Protecting Information
© 2012 Boise State University 3Click for Next Slide!
State and Federal Law• Alphabet Soup. . .• FERPA• HIPAA• PCI-DSS• GLBA• SOX• “Red Flag” Alerts• DMCA• Idaho Code
• §28-51-105• §28-51-
© 2012 Boise State University 4Click for Next Slide!
. . . And Boise State PolicyInformation Technology Resource Use (8000)• http://policy.boisestate.edu/wp-content/uploads/2011/05/8000_informationtechnologyresourceuse.pdf
Information Privacy and Security (8060)• http://policy.boisestate.edu/wp-content/uploads/2011/05/8060_InformationPrivacySecurity.pdf
University Records and Archives (1020)• http://policy.boisestate.edu/wp-content/uploads/2012/09/1020_Publications-Records_091312.pdf
Non Discrimination and Anti-Harassment (1060)• http://policy.boisestate.edu/wp-content/uploads/2012/04/1060_040311.pdf
© 2012 Boise State University 5Click for Next Slide!
Personal DataYour own sensitive information stored on MyBoisestate, Broncomail or in your office• Name• Address• Social Security Number• Banking Information• Insurance Information• Family Information
© 2012 Boise State University 6Click for Next Slide!
Institutional Data• Any data that is subject to state or federal regulation, data that
is required to be protected by contractual obligation, as well as all data created, collected, maintained, recorded or managed by the university, its staff, and agents working on its behalf. • It includes data used for planning, managing, operating, controlling, or
auditing university functions; especially data used by multiple university units; and data used for university reporting. University data also includes research data that contains personally-identifiable subject information, or proprietary university information and trade secrets
From: Boise State Data Classification Standard
© 2012 Boise State University 7Click for Next Slide!
Public DataInformation that is available through open records requests• While “public” information is generally available
for viewing by the public, certain rules and conventions apply about how and when the information may be viewed.
© 2012 Boise State University 8Click for Next Slide!
Intellectual PropertyInformation developed through non-sponsored research:• May be stored in computers, on media, in printed form,
etc.• May be copyrightable• May generate income• May be subject to laws and/or policies
Intellectual Property Policy (1090)http://policy.boisestate.edu/wp-content/uploads/2011/05/1090_042508.pdf
© 2012 Boise State University 9Click for Next Slide!
Research DataInformation developed through sponsored research:
• All the characteristics of non-sponsored research, plus . . .
• May be subject to contractual obligations
© 2012 Boise State University 10Click for Next Slide!
Copyrighted Materials• Applies to printed material as well as audio,
video, images and other media• Copying or duplicating without permission
may have serious legal and/or financial consequences
• Be aware of peer-to-peer file sharing enabled on your computer
© 2012 Boise State University 11Click for Next Slide!
Confidential DataStudents, Faculty, Staff, Donors, Contractors
• Financial Records• Grades• Credit Card Information• Health Care Information• Addresses• Phone Numbers• Insurance Records• Social Security Numbers
Protected By Law!
© 2012 Boise State University 12Click for Next Slide!
Best Practices—More Alphabet Soup
PII
• Personally
• Identifiable
• Information
• This is the Key Acronym!
© 2012 Boise State University 13Click for Next Slide!
Best PracticesSafeguard The Information on Your Computer• And In Your Office• Your Personal Information• Student Information• Your Research
© 2012 Boise State University 14Click for Next Slide!
Best PracticesHow Can Data be Lost?
• Laptop or other data storage system stolen from car, lab, or office.
• Research Assistant accesses system after leaving research project because passwords aren't changed.
• Unauthorized visitor walks into unlocked lab or office and steals equipment or accesses unsecured computer.
• Unsecured application on a networked computer is hacked and data stolen.
© 2012 Boise State University 15Click for Next Slide!
Best PracticesWhat is the result of lost data?• Loss of personal use of a computer• Loss of funding• Fines• Bad Publicity• Expose students, staff, contractors, donors to
identity theft
© 2012 Boise State University 16Click for Next Slide!
Best PracticesProtecting Information• If you print it—go get it right away• Lock up sensitive information—including laptops• Store sensitive information on file servers• Consider whether you really need to store it• Shred it if you can
• Data Retention Standards• http://it.med.miami.edu/x1312.xml
© 2012 Boise State University 17Click for Next Slide!
Best PracticesProtecting Information• Use strong passwords• Change passwords often• Use different passwords on different systems• Never share your password• Password protect your screensaver• Manually lock your screen whenever you leave your
desk
© 2012 Boise State University 18Click for Next Slide!
Best PracticesProtecting Information• Be sure your computer’s operating system and
anti-virus software are up-to-date• Never open unsolicited email from an unknown
source or click on unfamiliar web addresses• Follow computer salvage procedures—for disks,
too!
© 2012 Boise State University 19Click for Next Slide!
Universities in the News!University of Idaho
70,000 Donor Records
University of Texas at Austin225,000 Student Records
UCLA500,000 Student Records
© 2012 Boise State University 20Click for Next Slide!
Idaho in the Cybersecurity NewsBut not in a good way!
August 14 2007 Idaho Army National Guard• A small computer drive containing Social Security numbers and other personal
information about every Army National Guard soldier in Idaho has been stolen. 3,400 records
Mar. 10, 2007 University of Idaho• A data file posted to the school's Web site contained personal information
including names, birthdates and Social Security numbers of University employees. 2,700 records
Dec. 7, 2005 Idaho State University, Office of Institutional Research• ISU discovered a security breach in a server containing archival information
about students, faculty, and staff, including names, SSNs, birthdates, and grades. Unknown number of records
© 2012 Boise State University 21Click for Next Slide!
University NOT in the News!Boise State University
Zero Lost Records
So Far!
Go Broncos!
© 2012 Boise State University 22Click for Next Slide!
What To Do!Know who to call!
• I think my computer is infected, what do I do?• Call the Help Desk
• 6-4357
• I think I lost the USB drive I used to take some sensitive files home to work on, what do I do?• Call the Information
Security Office• 6-5501
© 2012 Boise State University 23Click for Next Slide!
Information Security for Faculty & Researchers
Information Security Services Website• With links to laws and recommendations for
protecting information
http://oit.boisestate.edu/security/