Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cloud Security Policy

From: Kevin Crider <kcrider () SKIDMORE EDU>
Date: Wed, 8 Mar 2017 15:11:42 +0000
I hope not to hijack this thread, and thanks for those links, it brought up a couple questions here:


-          Does anyone have a similar policy on proper emailing of data? (what classes/data not to put in Email?)


-          Regarding securing SSN's, is anyone collecting SSN's via the web? If not, how do you?
The way we read our (NY state) law is that as long as the connection is encrypted or the SSN encrypted this is OK, but 
the best practice, and options and impact, of this is being evaluated at my campus...


Kevin


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam 
Maynard
Sent: Tuesday, March 7, 2017 4:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cloud Security Policy

You have to think about what your sanctioned cloud services/apps are, and if you'll tolerate the others. Then how users 
should be using those sanctioned services/apps. Do you want to allow sensitive data to be stored in the cloud. If yes, 
should you require encryption. Do you want cloud specific data retention. There's always some type of regulatory 
influence. You can also consider technical and administrative safeguards, and DLP.

Here are some examples:
http://www.luc.edu/its/itspoliciesguidelines/cloud_computing_policy.shtml
https://it.tufts.edu/cloud-pol
https://ccit.college.columbia.edu/blog/bz32/public-cloud-storage-guide-and-policy
http://www.gla.ac.uk/media/media_418975_en.pdf


-Adam

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun 
Gray
Sent: Tuesday, March 7, 2017 4:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Cloud Security Policy

Greetings Everyone,

We are developing a policy for the storage of data on the cloud. Does anyone have a policy or advice they would care to 
share to help us with this process?


Dr. Shaun L. Gray, GSEC
Network Engineer
Medford Township Board of Education
P / 609-975-6159



________________________________
Medford Township Public School District email is provided to staff for the purpose of professional communication. 
Please be aware that messages sent via email may not be secure and that network administrators may have to review 
communications to maintain network integrity and ensure the responsible use of the system. This electronic transmission 
and documents transmitted as attachments contain information from the Medford Township Public School District that may 
be proprietary, confidential and/or privileged under state or federal law. The information is intended for the sole use 
of the individual(s) or entity named above. The individual(s) or entity named above as the receipt of this information 
is expressly prohibited from disclosing this information to any other party unless required to do so by state or 
federal law or regulation. If you are not the intended recipient, be aware that any disclosure, copying or distribution 
or use of the contents of this electronic transmission and any document attachments is expressly prohibited. If you 
have received this electronic transmission in error, please notify the sender immediately by replying to the address 
listed above and delete or destroy all copies of the original electronic transmission.
Previous By Date Next
Previous By Thread Next

Current thread: