Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Handling Standard Survey Results

From: Mike Chapple <mchapple () ND EDU>
Date: Thu, 12 Jun 2008 07:54:22 -0400
I forgot to mention that you may see some discrepancies between some of the
summary statistics and those in the file.  Those are the result of
classifying some of the write-in responses into the original buckets.



Mike



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Chapple
Sent: Thursday, June 12, 2008 7:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Handling Standard Survey Results



Colleagues,



Thank you for taking the time to participate in the handling standards
survey I sent out last week.  We found the results quite interesting and
would like to share them back with the group for your use.



Overall, we received 55 responses to our request.  Here's a summary of some
of the results we found most interesting:



.         56% of institutions have an existing classification scheme.

.         The majority (81%) of institutions with a classification scheme
have three levels of classification.

.         Of those that have a classification scheme, 70% have defined
handling standards for the highest level of classification (HS).

.         Of those that have defined handling standards for their highest
level of classification:

o   79% require departments to identify HS information

o   50% require retention schedules for HS information

o   54% require physical security of some kind (locked drawer and/or locked
room) for HS information

o   43% require confidentiality agreements for those handling HS information

o   36% have a labeling requirement for HS information

.         For stored data of the highest classification level:

o   78% require encryption for laptops and removable media

o   35% require encryption for individual workstations

o   21% require encryption for all stored information of the highest
classification

.         For e-mails containing information from the highest level:

o   36% require encryption for all e-mail recipients

o   29% require encryption for off-campus e-mail recipients

o   14% prohibit e-mail outright



I've also attached the complete summary file containing all of the survey
questions.  Thanks again for your participation!



Mike
Previous By Date Next
Previous By Thread Next

Current thread: