Sensitive Data


Presentation Transcript

Slide1: 

Securing Sensitive Information Across Campus
Gale Fritsche and Tim Foley
Lehigh University Library and Technology Services
ACM SIGUCCS Computer Services Management Symposium, April 9, 2006

Slide2: 

Lehigh Overview
Founded in 1865
Private research university located 90 miles west of NYC
Ranks 32nd out of 248 national universities in US News and World Report’s annual survey
Approx 4700 undergraduates, 1200 graduate students, 450 faculty and 1200 staff
Approx 90% Windows PCs, 5% Mac and 5% other (Linux etc.)

Library & Technology Services Organizational Structure: 

Library & Technology Services Organizational Structure

Presentation Agenda: 

The Problem
Lehigh’s Committee Structure
Process & Recommendation
Issues and Concerns
Other Data Security Initiatives

Why do you need secure information?: 

Stolen Cal Berkeley laptop exposes personal data of nearly 100,000 (AP March 29, 2005)
A laptop with personal information of students and applicants was stolen from the Cleveland State University admissions office (WKYC-TV, June 3, 05)
Two laptops were stolen from UW Medical Center office with the personal data of about 1,600 patients (Seattle Post-Intelligencer, Jan 24, 2006)
6000 affected at the University of Northern Iowa when a laptop computer holding W-2 forms of student employees and faculty was illegally accessed (AP Feb 18, 2006)

Slide6: 

23 states with security breach laws
Reported breaches - 53,533,214 people affected since 2/15/05
see: http://www.privacyrights.org/ar/ChronDataBreaches.htm
Consumers Union report as of 11/30/05

Slide7: 

Committee Structure
Identity Mgmt Sub Committee
Firewall Sub Committee
Account Opening Sub Committee
Data Encryption Sub Committee
Data Standards Committee
E-Security Committee
Data Advisory Council
Advisory Council for Information Services

Slide8: 

Data Encryption Sub Committee

Members
  Systems Analysts
  Security and Policy Officer
  Computing Consultants
  Database Manager
  Enterprise Information Consultant
  Client Services Team Leaders

Committee Charge
  Examine current encryption technologies to address the best way to encrypt PCs, Macs, PDAs and other portable devices, and LTS backups to comply with the Lehigh University security plan

Slide9: 

Subgroups Formed
Basic file access to LTS shares
Removable media
PDAs (Palms and Pocket PCs)
Desktop PC encryption (Windows and Macs)
Backups (Windows and Enterprise)
Encryption of Unix, and Oracle
Encryption of network traffic
Microsoft SQL Server security
Encryption keys
End user training

Slide10: 

Process & Recommendations
Off campus visits
Web research
Software testing
  EFS encryption, TrueCrypt, WinMagic
Encryption webpage development
Data security seminars
Various meetings with clients
Data security blog for staff
Identified University apps needing compliance with FERPA and HIPAA

Slide11: 

Final Recommendations
Whole disk encryption for PCs
Encrypted disk images for Macintosh
Folder encryption using Windows EFS encryption
TrueCrypt for Pocket PCs and removable media
Good.com software for Treos (Investigating)
Password protect Palm devices or Pocket PCs
Backup encryption (EFS Encryption and MS Backup)
Restricting local logins (XP local security policies) for users with Banner reporting roles
Enterprise backups are secure in machine room and transit. Still examining options for enterprise backup
Terminal Server for FERPA and HIPAA applications (Police Database, Counseling Services)

Slide12: 

Issues and Concerns
Cost of software
Recovering data on drives using whole disk encryption
Management of encryption keys
Privileges to download Banner/access reports to PCs
Other places sensitive data reside on a hard drive
  The recycle bin, temporary internet files
  Laptop sleep mode (writes desktop to temporary files)
Management of shared encrypted resources

Slide13: 

Other Data Security Initiatives
Campus firewall
Secure wireless implementation
Procedures for wiping computer hard drives prior to disposal
Campus Police registration database
Windows Vista testing (BitLocker Encryption)

Do you have file encryption requirements at your College or University? If so, what do you encrypt?: 

Discussion Questions
Desktop PCs
PDAs
Backups
All of the Above

Have you implemented an Identity Management System? If so, what vendor did you use?: 

IBM
Computer Associates
Microsoft
Novell
SUN
Other

How many of you have implemented a firewall for your campus network?: 

Yes
No

How many of you have experienced a recent security breach (Stolen Laptop, Hacker)?: 

Yes
No

What type of information do you feel needs to be the most secure?: 

Employee SSNs
Student Medical Info
Alumni Donor Info
Athlete Recruiting Info

Contact Information: 

Tim Foley – tim.foley@lehigh.edu
Gale Fritsche – gale.fritsche@lehigh.edu
