Educause Security Discussion mailing list archives
Re: Sensitive Data Self-assessments
From: Marc Scarborough <marcs () RICE EDU>
Date: Thu, 8 Jun 2006 09:38:16 -0500
Regarding the VA incident, we've received similar questions. We are using more awareness at this point, trying through education to shift behavior while we develop better policies/procedures and the tools to back them up. We at least want folks to think about what they are doing. This is a draft of a site we're working on that will be linked from a variety of sources (email, website, newspaper, etc): http://www.rice.edu/it/resources/security/datasecurity.html Comments are welcome. Marc On Jun 7, 2006, at 9:44 AM, C. Lazarus wrote:
Well - interesting morning - I just returned from an ad-hoc meeting with Student Affairs. They were asked by their VP if what is happening with the VA data could happen to them. And the answer is -maybe. So, they want to protect their information, but they need to find out what's out there, and do awareness training. They would really like a risk assessment, self-assessment type instrument that would supply them with the information they want to collect, and also be a tool to educate their users. Anybody's organization have anything they would be willing to share? They want to see others because while I think we covered most data (SSN, Bank Accounts, FERPA, Police, Grades, Drivers License, Student Health) they want to make sure they haven't missed something important. Thanks for any help. Carolann G. Lazarus, CISA IS Auditor - Internal Audit University at Buffalo 645-5000 x1243 clazarus () business buffalo edu
-- Marc Scarborough Information Security Officer Rice University 713.348.5735
Attachment:
smime.p7s
Description:
Current thread:
- Sensitive Data Self-assessments C. Lazarus (Jun 07)
- <Possible follow-ups>
- Re: Sensitive Data Self-assessments Waller, Michael A. (HSC) (Jun 07)
- Re: Sensitive Data Self-assessments Cheek, Leigh (Jun 08)
- Re: Sensitive Data Self-assessments Marc Scarborough (Jun 08)