Managing IT Security


NDSU 2009 Fall Conference general session PowerPoint.


Published in Education, Technology
  • 1. Managing IT Security for Extension and Outreach Offices
    Theresa Semmens NDSU Chief IT Security Officer
    October, 2009
  • 2. Presentation Outline
    Security Guidelines
    External Mobile Device Security
    Protection of Confidential and Private Data
    Online Financial Transactions
    Those *!@&$ NDSU network services
    Dual Support with the ND Association of Counties
  • 3. NDSU E-mail
    What is secure
    Encrypted User name and password
    Email messages and attachments
    Subject to privacy laws
    ND Public Open Records Century Code
    Using personal e-mail address and equipment for NDSU Business
    Can be subject to ND Public Open Records Century Code
  • 4. Workstation
    Users must have unique login and password
    Operating system and office software current with latest patches
    Anti-virus software and firewall installed, enabled and active
    Confidential/private data is not accessible or viewable by public
    Log off computer when done or away from desk
    Set a password protected screensaver
  • 5. Workstation Area
    Confidential/sensitive information not available for public view
    Protected hard copy documentation stored in locked file cabinet
    Manipulated hard copy documentation
    Tidy desk area
  • 6. Wireless Access
    Wireless access in the office
    Open vs. Secured
    Access available only to those who need it
    Wireless access outside of the office
    Public access
    Not recommended
    Working with confidential private data
    Use for personal banking
    Purchasing merchandise online
    Use NDSU Webmail client to send and receive email – do not send attachments, message body should not contain sensitive information
  • 7. Laptop Security
    • Maintain copies of important data somewhere other than the laptop. Consider using an external portable storage device.
    • Back up all data, and make use of encryption features when you do so.
    • Hard drive and external storage are encrypted.
    • Laptop must be labeled and identified
  • External Media
    Definition – external hard drives, flash drives, CD-ROM, DVD-R
    When not in use, keep in safe place.
    Dispose of properly.
    Encrypt sensitive data.
    Share only with those who have a “need to know”.
  • 11. Phlushing the Phish!
    What is NDSU doing?
    What can you do?
    Recent Spear Phishing Attacks
  • 12. Confidential/Private Data
    Defined and classified in NDUS 1901.2
    Pesticide Program
    Master Gardeners
    What is allowable for use and storage
  • 13. Employees & Volunteers
    Must sign confidentiality agreements
    Background checks required*
    Receive formal, documented training
    *Above point required if handling electronic financial transactions
  • 14. Social Security Numbers
    Do not use as an identifier on
    Spreadsheets
    Databases
    Any files/documents containing SSN data must be secured and available only to those who have a need to know
  • 15. Credit Card Information
    Do not store
    Full credit card number (only last four digits)
    CVV2 number
    Exp. Date
    Only allow last four digits on receipt
    No CVV2 number
    No exp. Date
    Do not accept credit card transactions over email
    If received over voice mail, delete immediately
    Must have separation of duties for acceptance of credit cards
  • 16. More Safeguards
    Non-disclosure (suppression)
    Requests for lists of members
    Health questionnaires (4-H)
    Date of Birth combined with name
    Information posted to Web sites
  • 17. Use & Disposal of Protected Data
    Encrypt or password protect on electronic devices
    Back up regularly
    Allow only those who have a need to know access to data
    Use only where necessary
    Dispose of properly
  • 18. Personnel & Volunteer Files
    Stored in locked cabinet not in public area
    If request is made to view personnel file
    Dean and General Counsel to approve request
    Log request, date, time
    Viewer must sign log form
    Only allow what is considered public information to be viewed
    Purge according to data retention policies
    Shred with cross-cut shredder, burn, or use document destruction service
  • 19. Suspected Data Breach
    For computer related security issues contact your supervisor
    Document reasons you suspect breach of data
    Do not move, touch, alter equipment or anything related to the breach
    Do not attempt to do your own investigation
  • 20. NDSU network services
    E-mail accounts
    E-mail box space
    Changing electronic ID
    Non-employee accounts
    Affiliate vs. Guest accounts
  • 21. Alias E-mail Account
    • E-mail message automatically dropped into multiple users' e-mail boxes
    • Does not require password
    • Owner responsible for removing and adding users
  • 24. Shared E-mail Account
    • Requires use of Webmail
    • Requires shared password
    • Owner required to change password when users leave or are added to group
  • 27. Electronic ID
    Official Format = FirstName.LastName
    Full-time employees and Students can change EID at
    Non-employees/students must request change
    Change subject to previous ownership of “name space.”
    Name change due to marriage/divorce – must go through HR with proper documentation
    Employees have 500 MB e-mail box. Request to increase must be sent through Helpdesk.
  • 28. Affiliate vs. Guest Accounts
    Services available: desktop_auth, Blackboard, Library, Wireless
    Must be “sponsored” by department
    Affiliate accounts for periods longer than one week
    Guest accounts for periods less than one week
    E-mail requires completion of Non-employee ID form
  • 29. Managing IT Security for Extension and Outreach Offices
    Theresa Semmens NDSU Chief IT Security Officer
    October, 2009