Date post: | 13-May-2015 |
Category: |
Technology |
Upload: | hlapowerpoint |
View: | 616 times |
Download: | 1 times |
Sunyeen (Sunny) Pai Susan Murata
November 12, 2009
Hawaii Library Association Conference Ko’olau Ballrooms
What is sensitive information?Areas of concern for librariesKCC's data breachData breach resultThe laws and policies KCC Library's response Useful ideas
UH Sensitive Information NAME +Social Security NumberHawaii driver's licenseAddressBank/Credit card infoDate of Birth
FERPA & HIPAA NAME+Social Security NumberHealth InformationFinancial Information Date of birth
Patron/User Registration recordsEmail notices and correspondenceDelinquent notices via paper or emailSocial Security Numbers, Driver's license infoCollection Agency accountsTax Setoff ListsCredit card paymentsDate of birthShared passwords for login at Circ Desk
Financial aid counselor Computer used to access financial aid server Connected at the beginning of the day and stayed logged into the
financial database all day User behavioro Opened all attachments in emailo Antivirus not up-to-dateo Facebook and MySpace
Computer slowdown Over 1500 viruses and malware Computer found to have malware that was known to search
for sensitive information and sent to Russian domain Computer forensics expert called 15,763 letters sent out Press release Board of Regents and Legislature notified
COST = over $10,000, excluding staff time
Federal FERPA - Family Educational Rights and Privacy Act
State
Hawaii Revised Statutes (HRS) 487J - Social Security Number Protection 487N - Security Breach of Personal Information 487R - Destruction of Personal Information Records
University of Hawaii
E2.214 - Security and Protection of Sensitive Information
Support of UH Information Security Officer, KCC's head of information technology, and head of the library
Make everyone responsible for his/her behavior through information and coaching.
Information Technology Team support Vetting ITS recommendations such as
o encryption and secure erase softwareo password testing software o filedrop service o passwording pdfs before email transmission
Daily virus updates and weekly scan Weekly malware updates and weekly scan Automate Windows XP updates Meeting with work units -- auditing for areas of concern Follow-up activities
Briefing document written for the employee in a "how-to" fashion aimed at both paper and electronic information: unauthorized access unauthorized monitoring of information use destructive attacks stores and networks unauthorized use of computers and networks
Simple software cheat sheets and assistance Non-negotiable protocols: weekly malware updates & scans Acknowledging everyone must be more conscientious Asking everyone to look for problems and ask questions.
Presenters:Sunny Pai ([email protected])Susan Murata ([email protected]) A place you can download this presentation and other items:
http://sites.google.com/a/hawaii.edu/kcc-hla-2009/