Re: Institution-Wide Identity Theft Management

["Patria, Patricia" <PPatria () BENTLEY EDU>]

Hi Dennis,

We have a fairly comprehensive institutional information security program. You can see most of our policies at 
http://info-privacy.bentley.edu/. We deployed mandatory on-line training  and certification this year for staff that 
includes a range of policies and training material from Information Security and HIPAA training to PCI, FERPA, 
Confidentiality Agreements and other institutional related compliance policies.

Please contact me directly if you would like more details.

Patty

Patty Patria
Chief Information Security Administrator | Bentley University
175 Forest Street, Waltham, MA 02452 |781.891.2364




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Self, 
Dennis
Sent: Thursday, February 17, 2011 10:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Institution-Wide Identity Theft Management

Please forgive this repost.  With only three responses (thanks to those who did), it is obviously best to ask for open 
responses to the list!

I proposed the notion of pursuing an institution-wide identity theft management policy and practice at my institution, 
to cover multiple compliance requirements.  In summary, the notion is to require authorization, training, 
certification, audit and periodic renewal of privilege to process SSN, payment instrument account and security numbers, 
etc.  I have been asked if other universities are pursuing this as well.  Have you taken this approach?

Dennis Self
Director, IT Security & Compliance
Samford University
800 Lakeshore Drive
Birmingham, AL 35229-2293
(205) 726-2692