Sensitive data accessibility financial management
PowerPoint Slideshow about ' Sensitive Data Accessibility Financial Management' - irisa


Presentation Transcript
Sensitive Data Accessibility Financial Management

College of Education

Michigan State University


Agenda for today

Q: What are examples of security threats?

Q: What does information security mean to you?

Q: Why do we need to know this?

Sensitive data management

Basic computer security issues

Financial management

Physical Security


Levels of sensitivity for data

Institutional data: all of the data held by MSU, in any form or medium, for normal business operations.

Public

Sensitive

Confidential


Public data

Not protected and generally made publicly available, without restriction or limitation

Directories

Library card catalogs

Course catalogs

Institutional policies


Sensitive data

Protected by institutional policy, guidelines, or procedures – may be public/FOI-able (freedom of information)

Salary data

Detailed institutional accounting and budget data

Personally restricted directory data


Confidential data

Institutional data that could be used for identity theft

Protected by law, contract, or University policy

Records of the university security measures

SSN

payment/credit card

health records

student records


Sensitive data management at MSU

PCI DSS - Payment Card Industry Data Security Standard – Fine up to $500,000

MSU’s Managing Sensitive Data site at http://eis.msu.edu/sid/


Sensitive data management at MSU

Use Institutional Data only for University purposes.

Minimize the potential for their improper disclosure or misuse.

Individually responsible for the security and integrity of Institutional


Where to look for confidential data

Digital

Laptop computers, Desktop computers

Phones, thumb drives

Network drives, web and file servers

Email attachments, social networking sites

Paper

Sticky notes, notepads, paper files

Receipts

PAN forms and other official documents

Travel documentation


“Do I absolutely need this data?” If not, get rid of it.

As soon as you no longer need the data, delete it.

Don’t leave sensitive data on computers or PDAs that can be stolen.

Make sure the computer where the data is stored is protected against viruses, worms, etc.

Be careful distributing the data via email or paper forms.


Q: What should you do if an incident occurs on your computer?

Q: What should you do if you find a thumb drive in the hallway?


College Policy

College policy can be found on this website:

http://education.msu.edu/csg/

All college staff are required to attend a sensitive data awareness seminar every three years.

No one should keep SSNs or credit card numbers on their computer or on a shared drive.


In practical terms, this means?

No confidential data on college servers or computers. There is no reason to store SSNs on a computer, so don’t. If you need to use SSNs at all, work with us to make sure they are handled with a minimum of risk.

If you absolutely must have SSNs, credit card numbers, or any other sensitive data on paper, destroy paper sheets as soon as you don’t need the data anymore. If you need to keep the data, lock the papers up, then destroy them as soon as you can.

Most important: Know the policy, be aware of how you can minimize exposure.



Internet use security

Video: Spyware

Video: Do not leave your computer unlocked

  • When you browse the Internet

    • Set your browser security to medium/medium-high

    • Add safe sites to trusted sites

    • Block pop-up windows in your browser

    • Clear cookies and cache for browser periodically

    • Log out of secure apps when not in use

    • Use a screen saver to lock the screen

    • Do not write down passwords

    • Be aware when using instant messenger or chat


Basic computer use protection

  • Strong password, but easy to remember

  • Install an antivirus program and update it automatically

  • Update the Windows system automatically

  • Turn on Windows built-in firewall

  • Set the Internet browser security to medium-high

  • Do not download free programs from the Internet

  • Do not use a flash drive as your main storage

  • Salvage a computer only after cleaning the hard drive


Email Phishing

  • Spelling Mistakes

  • Incorrect Graphics

  • Personal Information

  • The URL

Video: Email hoax

Phishing (use of e-mail messages that appear to be sent from a trusted source.)


File management

  • Manage by folders

  • Save on the server (\\edshare.educ.msu.edu)

  • Name files properly (do not use spaces or #, $, ~, !)

  • View files with different layout

  • Stop using floppy disks; use a thumb drive to transfer files

Email management

  • Organize by folders and sub-folders


Financial Management Oversight

Segregation of duties: More than one person needed to complete a record transaction. Implement mitigating controls if staffing resources do not permit desired segregation of duties.

Adequate oversight: at least take samples.

Pay attention to high risk areas: cash and inventories. Take periodic inventory.

Monthly reconciliation of P-card statement is required.


Physical Security

Protect valuables (yours and others)

Be aware of and report suspicious activity

Good descriptions NOT heroics

Keys

Doors


