Educause Security Discussion mailing list archives

Sensitive Data Self-assessments

From: "C. Lazarus" <CLazarus () BUSINESS BUFFALO EDU>
Date: Wed, 7 Jun 2006 10:44:38 -0400

Well - interesting morning - I just returned from an ad-hoc meeting with
Student Affairs.  They were asked by their VP if what is happening with the
VA data could happen to them.  And the answer is -maybe.  So, they want to
protect their information, but they need to find out what's out there, and
do awareness training.  They would really like a risk assessment,
self-assessment type instrument that would supply them with the information
they want to collect, and also be a tool to educate their users.  Anybody's
organization have anything they would be willing to share?  They want to see
others because while I think we covered most data (SSN, Bank Accounts,
FERPA, Police, Grades, Drivers License, Student Health) they want to make
sure they haven't missed something important.

Thanks for any help.

Carolann G. Lazarus, CISA
IS Auditor - Internal Audit
University at Buffalo
645-5000 x1243
clazarus () business buffalo edu

Current thread:

Sensitive Data Self-assessments C. Lazarus (Jun 07)
- <Possible follow-ups>
- Re: Sensitive Data Self-assessments Waller, Michael A. (HSC) (Jun 07)
- Re: Sensitive Data Self-assessments Cheek, Leigh (Jun 08)
- Re: Sensitive Data Self-assessments Marc Scarborough (Jun 08)