Security 101: Information Security Basics
Sponsored by UW Division of Informational Technology, Office of Campus Information Security and Professional Technical Education
Instructors: Cliff Cunningham & Braden Bruington
Cliff Cunningham - DoIT
Data breach, June 4
Through a printing error, 597 people receiving unemployment benefits last week got direct-deposit information including Social Security numbers belonging to another person.
"We received a print job and were running it, and there was an equipment malfunction." Recipients received one page with their own information and another page with information belonging to a different person.
Number affected: 597
Data breach, June 5
A desktop computer was stolen from a secured area.
The computer may have contained student names, Social Security numbers and test scores dating from October 2005 to the present. VCU discontinued use of Social Security numbers as ID numbers in January 2007.
An additional 22,500 students are being notified that their names and test scores may have also been on the computer. No Social Security numbers were recorded with those names, but computer-generated student ID numbers may have been.
Number affected: 17,214
Data breach, June 6
Student employees’ SSNs accidentally leaked in an e-mail.
An OSU employee received an e-mail with an attachment that included students' names and Social Security numbers. He unwittingly forwarded it, with the attachment, to his student employees.
After realizing the mistake, the hiring coordinator called the Office of Information Technology, which stopped the e-mails before all of them were sent.
Number affected: 350
Fallout from data loss at OU
“If there is any financial damage… I will hold OU at fault and seek legal counsel to recover any and all loss, with punitive damages.”
“I will never donate another penny to you.”
“It was my intention to leave a sizable endowment to OU, but not any longer”
Quotes taken from article “OU has been getting an earful about huge data theft”
by Jim Phillips, Athens NEWS Sr Writer, 2006-06-12
Health & medical information
(NOTE: All financial information tends to be sensitive.)
Restricted vs. sensitive
Restricted: explicitly protected under Wisconsin State Law. Must notify if lost.
Sensitive: still needs to be guarded with great care, but notification not required.
All restricted data is sensitive.
Not all sensitive data is restricted.
* Students can request this information be suppressed
Information provided by Office of Registrar
UW-Madison Student Privacy Rights and Responsibilities
Scenarios
You have a single workstation that interfaces with a special piece of scientific equipment. It runs an unsupported OS. You are concerned that it may have been compromised.
You get a call saying your department’s web server is unexpectedly serving pop-up ads.
Training and Lockdown
Security risk assessment
Individual & Departmental
IT Security Principles
Principle #1: Security is everyone’s responsibility.
Principle #2: Security is part of the development life cycle.
Principle #3: Security is asset management.
Principle #4: Security is a common understanding.
70% of data breaches involve data the owners didn’t even know was there.