Data Security Project. PROJECT WRAP-UP. Timeline – July 2011 through December 2012
Timeline – July 2011 through December 2012
Project Charge – Compile resources and best practices for the proper handling of confidential and sensitive data and implement these throughout organizations here at Rice University thus raising awareness of Rice University Policy 808 on the protection of personally identifiable information.
Process methodology – The project process included targeting primarily departments that processed data defined as confidential and/or sensitive by University policy. Staff within the departments were surveyed and interviewed and a report was compiled for each department which included Data Security Support Recommendations.
Processed Totals through December 2012
Email as unsafe transport for confidential/sensitive information
The most common issue found throughout the project's life was the fact
that a large percentage of respondents to the Data Security survey
acknowledged the use of email to transport confidential and/or sensitive
information. This issue was a focus for the project since the
beginning. As we interviewed respondents and upon reporting back to
organizations we made it clear that emailing confidential and/or
sensitive information was not safe and that encryption or password
protection should be utilized in the rare cases where emailing this
kind of information is necessary. Working with the IT Security Office,
the project recommended the purchase of Proofpoint - a system that helps
prevent accidental data loss through email.
Utilizing lockable cabinets for storage of confidential and/or sensitive paperwork
Mobile Phones/Devices utilized for Rice business and/or receiving Rice email should be pin protected
Office configurations that are vulnerable to prying eyes and ears
Making shredders available
Stay Tuned for what’s coming!
Sending confidential and sensitive information via email should be
avoided. In some cases, institutional data loss occurs through email,
either by sending emails to the wrong address (or addresses) or not
knowing confidential information is in an email in the first place (like
an excel attachment). Proofpoint, a system that will sit between our
outgoing email servers and the Internet, will help protect against this.
In addition, it will provide an option to encrypt emails for those that
need to send information via email to outside organizations.
More information about Proofpoint and how to use it's encryption
features is on its way.
Stay Tuned for what’s coming!
Data Security Awareness Training Modules
The Data Security Awareness Training Modules are currently being finalized and promise to be a huge step in the right direction in order to keep best practices for information security fresh in everyone’s mind for future years to come. The training modules were developed through close working relationships between the IT Security Office, the Data Security Project and the Jones Business School. These modules include “Email Security, Mobile Device Protection, Identity Protection and Data Security”. The modules take the user through short but thorough lessons on best practices and finally move the user to a short test at the end of every module. Fashioned with like methodology used for the Sexual Harassment training, this Information Security Awareness training is a strong component for the ongoing training of current and future Rice Faculty and Staff.
The Data Security Desk Assistant card is a postcard sized double sided card which reminds the user of the importance of proper handling of confidential and sensitive data. Also in working with Carlyn Chatfield in the IT communications office we have designed and put together a “Data Security Best Practices” brochure which provides a host of useful pointers and resources for all Rice Faculty and Staff. The production of the paper media will be limited but will also be duplicated on the web.
Data Security Project
6100 Main Street MS 750
Houston, Texas 77005
Tel – 713-348-6295
Fax – 713-348-6099
Visit the Data Security Website: