Ethics and Compliance Program Information Security
Understanding… Who’s responsible? What’s information security? Why do we need information security? What’s confidential and what’s not? What do I need to protect? How do I protect information? What are the important policies and laws?
What’s Information Security?
How we access, process, transmit, and store information
How we protect devices used to access information
How we secure paper records, telephone conversations, and other types of digital media
Why Do We Need Information Security?
Laws and regulations govern the use of some of this confidential information
We have an ethical obligation to protect this information from unauthorized access
Failure to do so could leave others vulnerable to fraud and other exploits
IMPORTANT NOTE: If you receive a request for information from any external party, and you aren’t certain that the information can be released, refer them to the Office of the University Attorney for further action.
Protect Yourself – A Video
The following video is titled “Out in the Open” and was developed by Mark Lancaster, Texas A&M University. It was the second prize winner in the two minute or less category of the EDUCAUSE 2007 Computer Security Awareness Video Contest.
Make sure your sound is turned up and click on the link below to play.
“Out in the Open” video
How Do I Protect Information?
When in doubt, don't give it out! If you are unsure whether or not to disclose certain information, err on the side of caution and don't release it
Keep confidential phone conversations and dictation from being overheard
Quickly retrieve or secure any document containing protected information that you have printed, scanned, copied, faxed, etc.
Store documents or physical media containing confidential information in locking file-cabinets or drawers
Delete and write over (i.e., "wipe") data from any electronic media before transferring or disposing of it. Ask your IT support person for assistance
Position computer screens so they're not visible to anyone but the authorized user(s)
Shred paper documents and/or CDs containing confidential information before disposal, and secure such items until shredding
Be alert to fraudulent attempts to obtain confidential information and report these to management for referral to appropriate authorities
Log out or lock your workstation when you walk away from your work area
Use strong passwords; don’t share them
At least 8 characters long
Mix alpha, numeric, & special characters; upper & lower case
Don’t include dictionary words or proper names
Don’t re-use all or a major portion of a prior password
What Are the Important Rules and Laws?
Appropriate Use of Information Resources (UPPS 04.01.07)
Security of Texas State Information Resources (UPPS 04.01.01)
Appropriate Release of Information (UPPS 01.04.00)
Texas State policy requires that information resources be used only in support of University missions
What Are the Rules and Laws?
FERPA – Family Educational Rights and Privacy Act
is a federal law that protects the privacy of student educational records, and prohibits the University from disclosing information from those records without the written consent of the student
HIPAA – Health Insurance Portability & Accountability Act
is a federal law that:
Protects the privacy and security of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI)
Gives patients more control over their health records
Sets limits on the accessibility and disclosure of patient health information
http://www.cms.hhs.gov/HIPAAGenInfo/
includes provisions to protect the security and confidentiality of a consumer's personal financial information held by financial institutions, in any form or medium
Universities/agencies must not disclose any non-public, financial information to anyone except as permitted by law
TPIA – Texas Public Information Act
formerly known as the Open Records Act, specifies that all recorded information owned or accessed by a governmental body is presumed to be public information, with certain exceptions
http://www.oag.state.tx.us/AG_Publications/txts/2004publicinfohb_toc.shtml
How Do I Find Out More?
IT Security - http://www.vpit.txstate.edu/security
Privacy Rights Notice - http://www.tr.txstate.edu/privacy-notice.html
Identity theft - http://webapps.tr.txstate.edu/security/identity.html
FERPA at Texas State - http://www.registrar.txstate.edu/persistent-links/ferpa.html
Information Technology Security
Information Technology Assistance Center (Help Desk)
512-245-ITAC(4822) or 512-245-HELP, email@example.com