Higher Education IT Security Policy - PowerPoint PPT Presentation

Slides: 18
Provided by: itUtahEdu

Transcript and Presenter's Notes

1
Higher Education IT Security Policy
2
Higher Education IT Security Policies
  • Questions about data ownership
  • Control of the desktop
  • Powerful search engines
  • Lack of backup for critical files
  • Rise in identity theft
  • Significant break-ins
  • Rise and complexity of viruses and worms
  • Federal law requirements
  • Institutional resources and user information
  • Need for 7 x 24 access to IT resources

3
Purpose
  • University Information Technology Resources
    are at risk from potential threats such as human
    error, accident, system failures, natural
    disasters, and criminal or malicious action.
  • The purpose of this policy is to secure the
    private sensitive information of faculty, staff,
    patients, students, and others affiliated with
    the University, and to prevent the loss of
    information that is critical to the operation of
    the University.

4
What is IT Security?
  • Measures taken to reduce the risk of:
      • unauthorized access to IT Resources, via either
        logical, physical, managerial, or social
        engineering means; and
      • damage to or loss of IT Resources through any
        type of disaster, including cases where a
        violation of security or a disaster occurs
        despite preventive measures.

5
Roles
  • IT Resource Steward: The individual who has
    policy level responsibility for determining what
    IT Resources will be stored, who will have
    access, what security and privacy risk is
    acceptable, and what measures will be taken to
    prevent the loss of Information Resources.
  • IT Resource Custodian: The organization or
    individual who implements the policy defined by
    the IT Resource Steward and has responsibility
    for IT systems that store, process or transmit IT
    Resources.

6
Roles
  • IT Systems Administrator: University staff that,
    under the direction of the IT Resource Custodian,
    have day-to-day operational responsibility for
    data capture, maintenance and dissemination.
  • User: Any person, including faculty members,
    staff members, students, and patients, who
    accesses and uses University of Utah IT
    Resources.

7
Private Sensitive Personal Information
  • Private information retained by or accessible
    through IT Resources such as networks and/or
    computers, including any information that
    identifies or describes an individual

8
Critical IT Resources
  • An IT Resource required for the continuing
    operation of the University, which, if it fails
    to function correctly and/or on schedule, could
    result in a major failure of mission-critical
    business functions, a significant loss of funds,
    or a significant liability or other legal
    exposure

9
University, College, Departmental IT Resources
  • Protective measures
  • Take actions and review regularly (external)
  • Preventing unauthorized access
  • Media agnostic
  • Preventing loss
  • Backup
  • Disaster recovery plans

10
User Responsibility
  • No private/sensitive information on PCs without
    permission
  • Reasonable precautions to protect information and
    prevent loss
  • Password protection
  • Information backup

11
Reporting Security Breaches Loss of Critical
Information
  • Institutional Security Office
  • HIPAA Privacy Office
  • IT Resource Steward
  • IT Resource Custodian
  • VP or Dean
  • Individual whose info was compromised

12
Institutional Security Office (ISO)
  • Security plan
  • Procedures
  • Strategies
  • Architectures
  • Best practice
  • Training
  • Implement and Enforce
  • Monitor
  • Audit
  • Incident Response

13
Network Operations
  • Manage and maintain backbone security
  • Monitor traffic flows
  • Report threats
  • Isolate threats
  • Disconnect when necessary

14
Incident Response Team
  • Follow-up
  • Determining and disseminating remedies and
    preventative measures

15
IT Resource Steward
  • Assessment - determine
  • Purpose and function of the IT Resource.
  • Level of security required based on the
    sensitivity of the IT Resource.
  • Level of criticality of an IT Resource.
  • Accessibility rights to IT Resources.
  • Appropriate method for providing business
    continuity for Critical IT Resources
  • Specify adequate data retention, in accordance
    with University policies, and state and federal
    laws for IT Resources consisting of applications
    or data.

16
IT Resource Custodian
  • Prepare for disaster recovery PLAN
  • Monitor and analyze traffic and system logs
  • Retain data as required
  • Manage administrators
  • Implement security functions

17
Sanctions and Remedies
  • Discontinue service
  • Must assist in resolution of non-compliance
  • Revoke access to IT resources
  • Service / access may be restored upon remedy
  • Discipline, serious sanctions