Educause Security Discussion mailing list archives
Data sensitivity awareness assessment
From: Fred Eaker <feeaker () NCSU EDU>
Date: Mon, 24 Sep 2018 10:04:34 -0400
Folks, Here at N.C. State University, we rely on a data sensitivity framework <https://oit.ncsu.edu/it-security/data-framework/> to guide discussions and decisions throughout our IT governance structure and implementations in our technical environment. While this framework is very helpful, I would like to *assess* general awareness of data sensitivity to determine how well our end users understand the framework and its application in departmental workflows, especially those that involve the flow of sensitive data. The results of the assessment should help us determine what kind and how much supplemental training to provide around data sensitivity. Long term, my hope is that well-aware and well-trained departmental staff can become partners in helping identify areas in which controls are lacking or could be improved. *Has anyone else embarked on an assessment of data sensitivity awareness, specifically?* If so, would you be willing to share your assessment questions and/or resources? (I am willing to share all of the above, including results if anyone is interested, once we have finalized our own assessment tool.) Also, if you have any general advice about assessing data sensitivity awareness, either from a philosophical or tactical perspective, I would love to hear that as well. For more context, here is a brief description of participation and selection criteria: ~ 250 permanent and temporary (non-student) employees; assumes a 95% confidence level, a confidence interval of 5, and approximately 600 employees (this is specific to our division, not the entire campus). A random sample of two subsets in corresponding ratios: employees from departments handling sensitive data (HIPAA); and employees from all other departments -- Fred Eaker Assistant Director, DASA Technology Services Division of Academic and Student Affairs tech.dasa.ncsu.edu
Current thread:
- Data sensitivity awareness assessment Fred Eaker (Sep 24)