Educause Security Discussion mailing list archives

Handling Standard Survey Results


From: Mike Chapple <mchapple () ND EDU>
Date: Thu, 12 Jun 2008 07:51:30 -0400

Colleagues,



Thank you for taking the time to participate in the handling standards
survey I sent out last week.  We found the results quite interesting and
would like to share them back with the group for your use.



Overall, we received 55 responses to our request.  Here's a summary of some
of the results we found most interesting:



*   56% of institutions have an existing classification scheme.

*   The majority (81%) of institutions with a classification scheme have three levels of classification.

*   Of those that have a classification scheme, 70% have defined handling standards for the highest level of classification (HS).

*   Of those that have defined handling standards for their highest level of classification:

    o   79% require departments to identify HS information
    o   50% require retention schedules for HS information
    o   54% require physical security of some kind (locked drawer and/or locked room) for HS information
    o   43% require confidentiality agreements for those handling HS information
    o   36% have a labeling requirement for HS information

*   For stored data of the highest classification level:

    o   78% require encryption for laptops and removable media
    o   35% require encryption for individual workstations
    o   21% require encryption for all stored information of the highest classification

*   For e-mails containing information from the highest level:

    o   36% require encryption for all e-mail recipients
    o   29% require encryption for off-campus e-mail recipients
    o   14% prohibit e-mail outright



I've also attached the complete summary file containing all of the survey
questions.  Thanks again for your participation!



Mike

Attachment: Sensitive_Info_Handling_Survey_10june2008.pdf