Data security project
1 / 11

Data Security Project - PowerPoint PPT Presentation

  • Uploaded on

Data Security Project. PROJECT WRAP-UP. Timeline – July 2011 through December 2012

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Data Security Project' - dong

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Data security project
Data Security Project


Timeline – July 2011 through December 2012

Project Charge – Compile resources and best practices for the proper handling of confidential and sensitive data and implement these throughout organizations here at Rice University thus raising awareness of Rice University Policy 808 on the protection of personally identifiable information.

Process methodology – The project process included targeting primarily departments that processed data defined as confidential and/or sensitive by University policy. Staff within the departments were surveyed and interviewed and a report was compiled for each department which included Data Security Support Recommendations.

Data security project1
Data Security Project

Processed Totals through December 2012

  • 57 Departments / Schools

  • 842 Surveys Collected

  • 294 Individual Interviews Processed

  • 318 Identity Finder User Licenses Active

  • 268 PGP Encryption User Licenses Active

Data security project2
Data Security Project

Lessons Learned

Email as unsafe transport for confidential/sensitive information

The most common issue found throughout the project's life was the fact

that a large percentage of respondents to the Data Security survey

acknowledged the use of email to transport confidential and/or sensitive

information. This issue was a focus for the project since the

beginning. As we interviewed respondents and upon reporting back to

organizations we made it clear that emailing confidential and/or

sensitive information was not safe and that encryption or password

protection should be utilized in the rare cases where emailing this

kind of information is necessary. Working with the IT Security Office,

the project recommended the purchase of Proofpoint - a system that helps

prevent accidental data loss through email.

Data security project3
Data Security Project

Lessons Learned

Utilizing lockable cabinets for storage of confidential and/or sensitive paperwork

  • This was a regular recommendation as many respondents were found either not having access to a lockable cabinet for storage of confidential paperwork or the cabinet that they were utilizing was not working to lock properly or had no lock at all. This recommendation was heavily publicized throughout our best practices media.

Data security project4
Data Security Project

Lessons Learned

Mobile Phones/Devices utilized for Rice business and/or receiving Rice email should be pin protected

  • With the proliferation of mobile devices, both personal and Rice owned, here on campus it is most important to make certain that these devices are pin protected. This will help to protect, not only your personal data on your device but that of Rice University’s which you may receive via email.

Data security project5
Data Security Project

Lessons Learned

Office configurations that are vulnerable to prying eyes and ears

  • Some departmental challenges lie in office configurations. Some high traffic areas are vulnerable when handling confidential and/or sensitive information. Recommendations include computer filter screens for monitors and reminding staff to be aware of paperwork that is being worked on so that it is not easily viewed by those entering the area.

Data security project6
Data Security Project

Lessons Learned

Making shredders available

  • Having a shredder available for staff is very important so that no confidential/sensitive paperwork is thrown in the trash thus becoming a risk for the University. Having a shredder in a central location and available for all staff was heavily recommended.

Data security project7
Data Security Project

Stay Tuned for what’s coming!

Proofpoint Software

Sending confidential and sensitive information via email should be

avoided. In some cases, institutional data loss occurs through email,

either by sending emails to the wrong address (or addresses) or not

knowing confidential information is in an email in the first place (like

an excel attachment). Proofpoint, a system that will sit between our

outgoing email servers and the Internet, will help protect against this.

In addition, it will provide an option to encrypt emails for those that

need to send information via email to outside organizations.

More information about Proofpoint and how to use it's encryption

features is on its way.

Data security project8
Data Security Project

Stay Tuned for what’s coming!

Data Security Awareness Training Modules

The Data Security Awareness Training Modules are currently being finalized and promise to be a huge step in the right direction in order to keep best practices for information security fresh in everyone’s mind for future years to come. The training modules were developed through close working relationships between the IT Security Office, the Data Security Project and the Jones Business School. These modules include “Email Security, Mobile Device Protection, Identity Protection and Data Security”. The modules take the user through short but thorough lessons on best practices and finally move the user to a short test at the end of every module. Fashioned with like methodology used for the Sexual Harassment training, this Information Security Awareness training is a strong component for the ongoing training of current and future Rice Faculty and Staff.

Data security project9
Data Security Project

Media Campaigns

The Data Security Desk Assistant card is a postcard sized double sided card which reminds the user of the importance of proper handling of confidential and sensitive data. Also in working with Carlyn Chatfield in the IT communications office we have designed and put together a “Data Security Best Practices” brochure which provides a host of useful pointers and resources for all Rice Faculty and Staff. The production of the paper media will be limited but will also be duplicated on the web.

Data security project10
Data Security Project


Frank Rodriguez

Rice University

Data Security Project

6100 Main Street MS 750

Houston, Texas 77005

Tel – 713-348-6295

Fax – 713-348-6099

Visit the Data Security Website: