Data Security Best Practices for Non-Profits & Foundations
© 2010 Museum of Fine Arts, Boston
John C. Newman
Highland Street Foundation Breakfast Seminar
March 23, 2010
Mar 26, 2015
A Non-Profit Case Study
450,000 Objects
1 Million Visitors
70,000 Members
1400 SMFA Students
1200 Volunteers
1000 Employees
3 Restaurants
3 Shops
3 4 Web Sites
2 Web Stores
2 Parking Lots
1 Parking Garage
Library
Concerts
Lectures
Films
State Street Corporation Fenway Entrance
Sharf Information Center
Huntington Entrance
New Courtyard
New American Wing
Forsyth Dental School
Seven sites
Temporary relocations
Timeline: 2005 2006 2007 2008 2009 2010
PCI 1.0 Compliance Review
Network Account procedures updated
Budgeted for Network Penetration Testing
PCI 1.2 Compliance Review
Mass CMR 17.00 issued
Revised Data Inventory
Published WISP
CMR 17.00 Deadline
Tier 4 PCI Vendor
No Staff Wireless
No Staff Downloads
Separate physical staff and student networks
Very limited remote system access
Museum-Wide
  MFA Computer Use Policy Information Technology and System User Responsibilities
I.T. Policies
  MFA Computer Network Accounts: Policies and Procedures
  MFA Employee Departure Policy and Procedure
  MFA Mobile Device Policy: Laptops and Off-Site Computers
  Network Security Policy: Unauthorized Devices
  I.T. Service Request Procedures
Financial Policies
  MFA Mobile Device Policy: Cell Phones + Smart Phones
Leverage existing systems and procedures
  New Employee Orientation
  PCI Data Inventory
  Track-It! Incident Reporting
On-line Publishing
  Intranet
  SharePoint Incident Dashboard
Obtaining Budget for New Services
Time Commitment for Application-Data Inventory and Risk Analysis
Ongoing Time Commitment for Education and Annual Review
Web site requirements
Vendor Registration Form
Security Incident Dashboard
Network Vulnerability Scan
Increased Security Awareness
Increased knowledge of our systems
Potential reuse of Data Inventory results