© 2012 Boise State University
Information Security on the “Front Lines”
Created By OIT Information Security Services
http://oit.boisestate.edu/security/
Jan 10, 2016
Universities in the News!
• University of Idaho: 70,000 Donor Records
• University of Texas at Austin: 225,000 Student Records
• UCLA: 500,000 Student Records
University NOT in the News!
Boise State University
Zero Lost Records
So Far!
Go Broncos!
The Information We Keep
Students, Faculty, Staff, Donors, Contractors
• Financial Records
• Grades
• Credit Card Information
• Health Care Information
• Addresses
• Phone Numbers
• Insurance Records
• Social Security Numbers
All Protected By Law!
Alphabet Soup
Everybody Loves Acronyms!
• FERPA
• HIPAA
• PCI-DSS
• GLBA
• SOX
• “Red Flag” Alerts
• Idaho Code §28-51-105
Alphabet Soup
PII
• Personally
• Identifiable
• Information
• This is the Key Acronym!
Alphabet Soup
FERPA
• Family
• Educational
• Rights and
• Privacy
• Act
• Protects the privacy of students’ educational records
Non-compliance?
• Loss of federal funding
• Fines
• Expose students to identity theft
Alphabet Soup
HIPAA
Health Information Portability and Accountability Act
• Protect confidentiality of health care information
• Protect workers’ health insurance when changing jobs
• Standardize electronic health care data interchange
Non-compliance?
• Fines
• Expose students and employees to identity theft
Alphabet Soup
PCI-DSS
Payment Card Industry Data Security Standard
• Industry requirements for protecting customer payment account information
  – Established by consortium of the major payment card brands
Non-Compliance?
• Increased fee$ for accepting credit card payments
• Mandatory PCI-DSS audits (paid for by Boise State)
• Identity Theft
Alphabet Soup
GLB
• Gramm-Leach-Bliley Act of 1999
• Requires financial institutions to protect their customers’ personally identifiable information
Non-Compliance?
• Fines
• Exposure of students, families, and employees to identity theft
Alphabet Soup
SOX
• Sarbanes-OXley Act of 2002
• Requires all publicly held companies to submit an annual assessment of the effectiveness of their internal financial auditing controls to the Securities and Exchange Commission
• Officers of the companies must certify that they aren’t “cooking the books”
Alphabet Soup
“Red Flag” Alerts
• Fair and Accurate Credit Transactions Act
• Requires monitoring and alerting for suspicious transactions that could indicate identity theft or fraud
• Broad list of “suspicious transactions”
Alphabet Soup
Idaho Code §28-51-105
• Idaho’s Identity Theft Law
• Requires reporting of security breaches which expose Personally Identifiable Information that can be used to obtain credit, apply for Driver’s License, or apply for other forms of identification
Boise State Policies
Information Technology Resource Use (BSU # 8000)
• http://policy.boisestate.edu/wp-content/uploads/2011/05/8000_informationtechnologyresourceuse.pdf
Information Privacy and Security (BSU # 8060)
• http://policy.boisestate.edu/wp-content/uploads/2011/05/8060_InformationPrivacySecurity.pdf
Cash Handling (BSU # 6010)
• http://policy.boisestate.edu/wp-content/uploads/2011/05/6010_CashHandling.pdf
Alphabet Soup -- TMI!!!
• Or “TMA” -- too many acronyms!
What should I do?
Protect Constituent Data
• If you print it, go get it
• Shred it if you can
• Be sure you can release it
• If you aren’t sure, check with your supervisor
• Lock it up!
• Don’t leave sensitive information in the open
  – That includes laptops and other mobile media
Know What Boise State Policy Requires
Follow Information Security Best Practices
• Use strong passwords
• Change passwords often
• Use different passwords on different systems
• Never share your password
Follow Information Security Best Practices
Password protect your screensaver
• Manually lock your screen whenever you leave your desk
Store sensitive information on file servers
Never open unsolicited email from an unknown source or click on unfamiliar web addresses
Be sure your computer and anti-virus software are up-to-date
Follow Information Security Best Practices
Know who to call
• I think my computer is infected, what do I do?
  – Call the Help Desk at 6-4357
• I think I’ve lost the USB drive I used to take some sensitive files home to work on, what do I do?
  – Call the Information Security Office at 6-5501
Information Security on the “Front Lines”
• Incident Response Procedure
http://oit.boisestate.edu/security/it-security-policy-and-procedures/incresponseprocedure/