Educause Security Discussion mailing list archives
Confidential/Sensitive Data Handling Blueprint Now Available
From: Shirley Payne <payne () VIRGINIA EDU>
Date: Fri, 19 Jan 2007 10:55:29 -0500
We write to announce availability of a new security toolkit that brings together in one place resources pertaining to confidential/sensitive data handling, and to solicit your help to enhance this tool. Version 1.0 of the "Confidential/Sensitive Data Handling Blueprint" is posted at https://wiki.internet2.edu/confluence/display/secguide/Confidential+Data+Handling+Blueprint.

As you know, the EDUCAUSE/Internet2 Security Task Force has been working hard these past several years to improve computer and network security across higher education. Several useful resources (www.educause.edu/security) have been developed and there have been a number of other task force accomplishments since the group was formed in 2000. Nonetheless, the risks to information security at colleges and universities continue to persist and necessitate that individuals at all levels of the institution become engaged to prevent further data breaches from occurring.

To help institutions direct this effort, a Security Task Force work group has developed a blueprint that recommends the key strategies that follow for stopping the leakage of confidential/sensitive data.

o Create a security risk-aware culture that includes an information security risk management program.
o Classify information assets according to their importance and the corresponding need to protect them against unauthorized access and use.
o Clarify roles and responsibilities and hold individuals accountable for safeguarding data.
o Reduce access to sensitive data that is not essential to university processes.
o Implement stricter controls (policies, processes, and technologies) for safeguarding data.
o Raise awareness and provide training to the community.
o Verify compliance routinely with your policies and procedures.

Sub-steps for each strategy are identified in the blueprint and field-proven, effective practices are being linked to each sub-step.

As mentioned above, Version 1.0 of the blueprint is posted at https://wiki.internet2.edu/confluence/display/secguide/Confidential+Data+Handling+Blueprint. On behalf of the group, we solicit your suggestions for additional practices to reference. Please email those to Valerie Vogel at vvogel () educause edu. The blueprint will be updated periodically, so be sure to revisit the web page often!

Also, we want to take this opportunity to share a list of upcoming seminars on protecting sensitive data, where this blueprint will be the primary focus:

January 25 - Los Angeles, CA
1-day seminar hosted by UCLA
Presented by Morrow Long & Krizi Trivisani
http://www.educause.edu/esem071

March 19 - Worcester, MA
NERCOMP pre-conference seminar
Presented by Morrow Long & David Escalante
http://www.educause.edu/nc07

April 10 - Denver, CO
Security Professionals Conference pre-conference seminar
http://www.educause.edu/sec07

May 2 - East Lansing, MI
1-day seminar hosted by Michigan State University
(program info will be available online soon…)

July 30 - Washington, DC
Campus Technology Conference
Presented by David Escalante
(program info will be available soon...)

There will also be a 1-day seminar in the southeast in June. The date/location will be announced soon.

Best regards,

Confidential Data Handling Group Co-Chairs
Shirley Payne (University of Virginia)
Krizi Trivisani (The George Washington University)