Re: Sensitive Data Self-assessments

[Marc Scarborough <marcs () RICE EDU>]

Regarding the VA incident, we've received similar questions.

We are using more awareness at this point, trying through education
to shift behavior while we develop better policies/procedures and the
tools to back them up.  We at least want folks to think about what
they are doing.

This is a draft of a site we're working on that will be linked from a
variety of sources (email, website, newspaper, etc):

http://www.rice.edu/it/resources/security/datasecurity.html

Comments are welcome.

Marc

On Jun 7, 2006, at 9:44 AM, C. Lazarus wrote:

> Well - interesting morning - I just returned from an ad-hoc meeting
> with Student Affairs.  They were asked by their VP if what is
> happening with the VA data could happen to them.  And the answer is
> -maybe.  So, they want to protect their information, but they need
> to find out what's out there, and do awareness training.  They
> would really like a risk assessment, self-assessment type
> instrument that would supply them with the information they want to
> collect, and also be a tool to educate their users.  Anybody's
> organization have anything they would be willing to share?  They
> want to see others because while I think we covered most data (SSN,
> Bank Accounts, FERPA, Police, Grades, Drivers License, Student
> Health) they want to make sure they haven't missed something
> important.
>
> Thanks for any help.
>
> Carolann G. Lazarus, CISA
> IS Auditor - Internal Audit
> University at Buffalo
> 645-5000 x1243
> clazarus () business buffalo edu

--
Marc Scarborough
Information Security Officer
Rice University
713.348.5735

Attachment: smime.p7s
Description: