Resource Management, Data Integrity, and the Computing Environment - PowerPoint PPT Presentation

1 / 46

About This Presentation

Title:

Resource Management, Data Integrity, and the Computing Environment

Description:

Finally The UC/UCSB definition of Personal Data is evolving. ... Proper training. Formal delegations. Current job descriptions. Timely evaluations ... – PowerPoint PPT presentation

Number of Views:65

Avg rating:3.0/5.0

Slides: 47

Provided by: SLS1

Category:

more less

Transcript and Presenter's Notes

Title: Resource Management, Data Integrity, and the Computing Environment

1
Resource Management, Data Integrity, and the
Computing Environment

Sandra Featherson
Office of the Controller

Doug Drury Information Systems Computing
September 13, 2007
2
Agenda

Computing Environment
Resource Management
Data Integrity

3
Computing Environment

Maintaining a reliable computing environment
Why is this important?

4
Computing Environment

Physical Security
Equipment is properly secured
Equipment is maintained

5
Computing Environment

Systems Development
IS-10 UC Policy
Establish a plan
Well trained technical professionals
Identify projects
Define scope, benefits, risks, priorities,
timing, and implementation method

6
Computing Environment

Systems Development
What is System Development?
Impact of the project
Determine staffing, equipment, and other needs
Funding requirements and sources
Documentation of system

7
Computing Environment

Other Things to Think About
Systems Management
Password Maintenance
Disaster Recovery
Separating Employees

8
Electronic Personal Information What Is It?

SB1386 designed to address identity theft
took effect July 1st, 2003
added 1798.29, 1798.82 to State Civil Code
(Information Practices Act)
created disclosure requirements upon a security
breach of systems containing unencrypted
personal information
An individuals first name or initial and last
name in combination with one or more of the
following
Social Security Number
Drivers License Number
Financial account or credit card number in
combination with any password that would
permit access to the individual's account
See http//isc.ucsb.edu/decaf/SB1386.pdf for more
information

9
Electronic Personal InformationUCSB Campus Roles

Data Proprietor - A personal information data
store proprietor is the department director or
senior manager who is the functional owner of the
application that is the primary source of the
personal information. It is the responsibility of
the data store proprietor to ensure that the
inventory of personal information data stores is
kept current for the data stores for which the
proprietor is responsible.

10
Electronic Personal InformationUCSB Campus Roles

Data Custodian - A personal information data
store custodian is an individual or organization
that is responsible for providing technical or
system administration support for the data store.
It is the responsibility of the personal
information data store custodian to ensure that
the implementation and administration of the
personal information data store conforms to IS-3
requirements, as a minimum, and to campus and
industry best practices for system security where
appropriate.
Campus Sensitive Data Incident Coordinator -
Doug Drury doug.drury_at_isc.ucsb.edu

11
Electronic Personal Information Policy
Guidelines

UC Policy IS-3 defines policy regarding
management of Electronic Personal Information (as
well as other information system issues)
http//www.ucop.edu/ucophome/policies/bfb/is3.pdf
UCSB Guideline provides process for handling
exposure of personal information
http//www.oit.ucsb.edu/committees/ITPG/sb1386.asp

12
Electronic Personal Information Best Practices

Dont Store It Unless Absolutely Necessary
If You Do Store It
Follow IS-3 Policy
Retain contact information for stored individuals
Submit Inventory Data To Campus Coordinator
(doug.drury_at_isc.ucsb.edu)
Follow Industry Best Practices For System
Security
UC Electronic Communication Policy allows UC
campuses to encrypt personal information data
stores ENCRYPT IF POSSIBLE (http//www.ucop.edu
/ucophome/coordrev/ucpolicies/policymanuals.html)

13
Electronic Personal InformationIncident Process

Incident Detection
Requires active monitoring of data store
Requires extensive analysis to determine if a
breach as occurred
UCSB Guideline provides assessment guidance
http//www.oit.ucsb.edu/committees/ITPG/sb1386.asp
Incident Handling Process
Follow the UCSB Guideline closely
Allow appointed UCSB/UC officials to handle any
communication

14
Electronic Personal Information Information
Sources

UC Policy http//www.ucop.edu/ucophome/policies/b
fb/is3.pdf
UCSB Guideline http//www.oit.ucsb.edu/committees
/ITPG/sb1386.asp
California Law http//isc.ucsb.edu/decaf/SB1386.p
df
Finally The UC/UCSB definition of Personal Data
is evolving. You will be kept up to date if the
definition changes

15
Resource Management

Financial Data
Value of Budgets
Analyze Costs, Benefits, and Risks
Asset Management

16
Resource ManagementFinancial Data

Verify data is accurate and complete
Compare GLO60 to any Shadow System
Review significant deviations
Document corrective action

17
Resource ManagementValue of Budgets

Represents your financial plan for future periods
Decisions based on data
Proper use of resources
Valuable control
Evaluate resource opportunities

18
Resource ManagementValue of Budgets

Budget for
Departmental Operations
Events
Projects

19
Resource Management andSAS 112

Department Key Controls
GL Reconciliation
Review of Budget Reports
Equipment Inventory

20
Scenario 1

Your department is hosting an international
conference. The expected number of participants
is 250. Pre-registration is required. The PI,
who is the host, believes 500 is the going rate
for conferences.

In Groups List the steps you would take to
develop the budget and track expenditures for
the conference.
21
Resource ManagementAnalyze Costs, Benefits, and
Risks

Something sounds like a good idea,
but is it?

22
Resource ManagementAnalyze Costs, Benefits, and
Risks

Components of Analysis
Statement of Purpose
Statement of Benefits
Assumptions
Impact on administrative support

23
Resource ManagementAnalyze Costs, Benefits, and
Risks

Components of Analysis
Quantify costs (one time vs. on-going), space
needs, and capital outlay
Funding sources
Potential risks/problems

24
Resource ManagementAnalyze Costs, Benefits, and
Risks

Components of Analysis
Performance follow-up
Did cost projections come in on target?
Did the benefits outweigh the costs?
Did the results meet expectations?

25
Scenario 2

Your department wants to purchase new desktops
for the office.

In Groups Do a cost-benefit-risk analysis for
your department purchasing the desktops. Present
your recommendations to the department.
26
Resource ManagementAsset Management

Cash
Receivables
University Resources/Equipment
People

27
Resource ManagementAsset Management

Cash
Proper receiving and storing
Proper depositing and recording
Reconcile the deposits

28
Resource ManagementAsset Management

Cash Management
Short Term Investment Pool (STIP)
Depository bank accounts
Disbursement bank accounts
Vendor
Payroll
Balances are invested in STIP daily

29
Resource ManagementAsset Management

Cash Management
Short Term Investment Pool (STIP)
Earnings are credited back to the funds which
generated the interest
The interest for campus owned funds is
distributed back to the campus

30
Resource ManagementAsset Management

Receivables
Do you have any?
Collections
Monitor status
Collection Agencies
Write Off
If you have receivables, you should be using the
BA/RC process

31
Discussion Item 1

Do you have any cash
management issues?

32
Resource ManagementAsset Management

University Resources
Use of the University Seal
Use of the University Name/Logo

33
Resource ManagementAsset Management

Use of the University Name/Logo
Policy 5010
Use of the Universitys Name
Use of the University Seal
Policy 5015
Use of the Unofficial Seal

34
Resource ManagementAsset Management

Campus designees to authorize use of the
seal/name/logo are
Meta Clow
Jeri Pollard (for commercial products)

35
Resource ManagementAsset Management

Equipment
Proper purchasing
Proper tracking
Physical assets are compared to recorded assets
and discrepancies are resolved
Proper disposing

36
Resource ManagementAsset Management

People - This is our most important asset!
Proper training
Formal delegations
Current job descriptions
Timely evaluations
Consistent and fair treatment

37
Data Integrity

Why do we care?
What could go wrong?

38
Data Integrity

How do you maintain data integrity?
Separation of duties
Small departments might need to partner with
other departments
Adequate documentation and description
Well trained employees

39
Data Integrity

How do you maintain data integrity?
Compliance with policies and procedures
Coding Transactions Correctly
Reconcile departmental reports to the GLO60
Reconcile the GLO60 on a timely basis
Record retention

40
Data IntegrityCoding Transactions Correctly

Purpose of Costs
Travel
Office Supplies
Services
Consistency in treatment of costs is a critical
policy for the federal government.

Types of Costs
Direct
Indirect
Unallowable
Function of Cost
Teaching
Research
Public Service

41
Discussion Item 2

You are given a list of transactions for todays
activity.
Identify the correct coding for
each transaction.

42
Data IntegrityRecord Retention

Why is this important?
The institution needs to consistently apply a
records management program
If your practice is to keep everything, you will
be expected to produce what is requested
If you can show that you consistently follow the
record management program, the court will accept
your inability to produce the record

43
Data IntegrityRecord Retention

How long do we have to keep records?
The UC Records Disposition Schedules Manual
specifies the length of time records must be
maintained by the office of record and others
http//www.policies.uci.edu/adm/records/721-11a.h
tml

44
Data IntegrityRecord Retention