Ethics and Compliance Program Information Security
Information Security: Understanding…
• Who’s responsible?
• What’s information security?
• Why do we need information security?
• What’s confidential and what’s not?
• What do I need to protect?
• How do I protect information?
• What are the important policies and laws?
• Where do I find out more?
Information Security: Who’s Responsible?
• Is it students?
• Is it faculty?
• Is it staff?
• Is it security administrators?
The answer: all of the above. Security is everyone’s responsibility!
Information Security: What’s Information Security?
The protection of data against unauthorized access. This includes:
• How we access, process, transmit, and store information
• How we protect devices used to access information
• How we secure paper records, telephone conversations, and other types of digital media
Information Security: Why Do We Need Information Security?
• Confidential information is entrusted to us
• Laws and regulations govern the use of some of this confidential information
• We have an ethical obligation to protect this information from unauthorized access
• Failure to do so could leave others vulnerable to fraud and other exploits
Information Security: What’s Confidential and What’s Not?
IMPORTANT NOTE: If you receive a request for information from any external party, and you aren’t certain that the information can be released, refer them to the Office of the University Attorney for further action.
Information Security: Protect Yourself – A Video
The following video is titled “Out in the Open” and was developed by Mark Lancaster, Texas A&M University. It was the second prize winner in the two minute or less category of the EDUCAUSE 2007 Computer Security Awareness Video Contest.
Information Security: How Do I Protect Information?
• Share confidential information only with other employees who have a need for the information
• When in doubt, don't give it out! If you are unsure whether or not to disclose certain information, err on the side of caution and don't release it
• Keep confidential phone conversations and dictation from being overheard
• Quickly retrieve or secure any document containing protected information that you have printed, scanned, copied, faxed, etc.
Information Security: How Do I Protect Information?
• Store documents or physical media containing confidential information in locking file cabinets or drawers
• Delete and write over (i.e., "wipe") data from any electronic media before transferring or disposing of it. Ask your IT support person for assistance
• Position computer screens so they're not visible to anyone but the authorized user(s)
Information Security: How Do I Protect Information?
• Shred paper documents and/or CDs containing confidential information before disposal, and secure such items until shredding
• Be alert to fraudulent attempts to obtain confidential information and report these to management for referral to appropriate authorities
• Log out or lock your workstation when you walk away from your work area
• Use strong passwords; don’t share them
  • At least 8 characters long
  • Mix alpha, numeric, & special characters; upper & lower case
  • Don’t include dictionary words or proper names
  • Don’t re-use all or a major portion of a prior password
Information Security: How Do I Protect Information?
• Use anti-virus software and leave auto-update enabled or update your virus definitions regularly
• The following video, “Virus Software”, is by Andrew Centafonte, Doug Standford, Jill Verillo, & Lindsey Wilson, James Madison University, and received Honorable Mention in EDUCAUSE's 2006 Computer Security Awareness Video Contest.
Information Security: What Are the Important Rules and Laws?
Texas State University Policies
• Appropriate Use of Information Resources (UPPS 04.01.07) http://www.txstate.edu/effective/upps/upps-04-01-07.html
• Security of Texas State Information Resources (UPPS 04.01.01) http://www.txstate.edu/effective/upps/upps-04-01-01.html
• Appropriate Release of Information (UPPS 01.04.00) http://www.txstate.edu/effective/upps/upps-01-04-00.html
Texas State policy requires that information resources be used only in support of University missions
Information Security: What Are the Rules and Laws?
• FERPA – Federal Educational Rights & Privacy Act is a federal law that protects the privacy of student educational records, and prohibits the University from disclosing information from those records without the written consent of the student
  http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
• HIPAA – Health Insurance Portability & Accountability Act is a federal law that:
  • Protects the privacy and security of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI)
  • Gives patients more control over their health records
  • Sets limits on the accessibility and disclosure of patient health information
  http://www.cms.hhs.gov/HIPAAGenInfo/
Information Security: What Are the Rules and Laws?
• Gramm-Leach-Bliley Act (GLBA) includes provisions to protect the security and confidentiality of consumers' personal financial information held by financial institutions, in any form or medium
  • Universities/agencies must not disclose any non-public financial information to anyone except as permitted by law
  http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
• TPIA – Texas Public Information Act, formerly known as the Open Records Act, specifies that all recorded information owned or accessed by a governmental body is presumed to be public information, with certain exceptions
  http://www.oag.state.tx.us/AG_Publications/txts/2004publicinfohb_toc.shtml
Information Security: How Do I Find Out More?
Texas State Sites
• IT Security - http://www.vpit.txstate.edu/security
• Privacy Rights Notice - http://www.tr.txstate.edu/privacy-notice.html
• Identity theft - http://webapps.tr.txstate.edu/security/identity.html
• FERPA at Texas State - http://www.registrar.txstate.edu/persistent-links/ferpa.html
Contacts
• Information Technology Security: 512-245-HACK (4225), firstname.lastname@example.org
• Information Technology Assistance Center (Help Desk): 512-245-ITAC (4822) or 512-245-HELP, email@example.com