Information (In)security

Sunyeen (Sunny) Pai
Susan Murata

Published in: Technology, Business
  • FERPA: UH has adopted procedures to govern a student's, the government's, or the public's access to a student's education records.
    487J - Prohibits use of SSNs
    487N - Procedures for disclosing a breach of sensitive information
    487R - Guidelines for destruction of records.
    E2.214 - Incorporates FERPA, HIPAA, and HRS, then adds additional features and interprets the laws to apply to UH.
  • Briefing document:
    I cannot know everyone's information use behavior, so help the employee understand what is sensitive information, what is risky information handling behavior, what are the consequences of breaches, and what the employee can do to change risky information handling behavior.
    Non-negotiable protocols:
      weekly malware updates and scans
      any computer accessing sensitive information online is NOT used for leisure browsing
      each staff person is responsible for malware updates on his/her computer
  • Information (In)security

    1. Sunyeen (Sunny) Pai, Susan Murata
       November 12, 2009
       Hawaii Library Association Conference, Ko’olau Ballrooms
    2. • What is sensitive information?
       • Areas of concern for libraries
       • KCC's data breach
       • Data breach result
       • The laws and policies
       • KCC Library's response
       • Useful ideas
    3. UH Sensitive Information
       • NAME + Social Security Number
       • Hawaii driver's license
       • Address
       • Bank/Credit card info
       • Date of Birth
       FERPA & HIPAA
       • NAME + Social Security Number
       • Health Information
       • Financial Information
       • Date of birth
    4. • Patron/User Registration records
       • Email notices and correspondence
       • Delinquent notices via paper or email
       • Social Security Numbers, Driver's license info
       • Collection Agency accounts
       • Tax Setoff Lists
       • Credit card payments
       • Date of birth
       • Shared passwords for login at Circ Desk
    5. Financial aid counselor
       • Computer used to access financial aid server
       • Connected at the beginning of the day and stayed logged into the financial database all day
       • User behavior
         o Opened all attachments in email
         o Antivirus not up-to-date
         o Facebook and MySpace
    6. • Computer slowdown
       • Over 1500 viruses and malware
       • Computer found to have malware that was known to search for sensitive information and sent to Russian domain
       • Computer forensics expert called
       • 15,763 letters sent out
       • Press release
       • Board of Regents and Legislature notified
       COST = over $10,000, excluding staff time
    7. • Federal
         o FERPA - Family Educational Rights and Privacy Act
       • State
         o Hawaii Revised Statutes (HRS)
           487J - Social Security Number Protection
           487N - Security Breach of Personal Information
           487R - Destruction of Personal Information Records
       • University of Hawaii
         o E2.214 - Security and Protection of Sensitive Information
    8. • Support of UH Information Security Officer, KCC's head of information technology, and head of the library
       • Make everyone responsible for his/her behavior through information and coaching.
       • Information Technology Team support
       • Vetting ITS recommendations such as
         o encryption and secure erase software
         o password testing software
         o filedrop service
         o passwording pdfs before email transmission
       • Daily virus updates and weekly scan
       • Weekly malware updates and weekly scan
       • Automate Windows XP updates
       • Meeting with work units -- auditing for areas of concern
       • Follow-up activities
    9. • Briefing document written for the employee in a "how-to" fashion aimed at both paper and electronic information:
         o unauthorized access
         o unauthorized monitoring of information use
         o destructive attacks stores and networks
         o unauthorized use of computers and networks
       • Simple software cheat sheets and assistance
       • Non-negotiable protocols: weekly malware updates & scans
       • Acknowledging everyone must be more conscientious
       • Asking everyone to look for problems and ask questions.
    10. Presenters: Sunny Pai (sunyeen@hawaii.edu), Susan Murata (smurata@hawaii.edu)
        A place you can download this presentation and other items: http://sites.google.com/a/hawaii.edu/kcc-hla-2009/
