What are universities doing to reduce the risk of Information Theft?
Shawnee State University:
1. Employee
Education
University employees are being educated about the importance of information
security. UIS is launching its own Security Awareness Education Campaign, "Be
Informed, Be Aware, Be Responsible About Information Security" in which
employees are made aware of the need for security awareness in their daily
routines. In addition, the University is participating in the Federal Trade
Commission's educational program on Identity Theft entitled "Deter, Detect,
Defend; Avoid ID Theft" which educates individuals about how to avoid personal
identity theft. Employees are also educated on and expected to abide by the UTAC approved
"Conditions for Information
Security and Best Practices".
UIS is conducting information sessions with campus departments to discuss this web site and what it means to each employee. Employees and departments may watch this video at their own convenience to understand what steps you can take to protect the date you use each day. Click here to view the video.
2. Avoiding the use of Social Security Number as an identifier
Shawnee
State University has nearly eliminated the use of the Social Security number as
an identifier for students and employees. By using identifiers such as the CARS
ID in its place, the risk has been greatly reduced. University departments are
continuing to identify any remaining areas where this can be eliminated.
3. Reducing the use of identifier information
on printed items
Printed items such as receipts or payroll related items
are being modified so that, where possible, identifier information such as bank
account number, credit card numbers, etc are not displayed. University
departments are continuing to identify any remaining areas where this can be
eliminated.
4. Confidential or officially protected data
must be stored on UIS protected servers only
Any and all files, including
databases, spreadsheets, word processing documents, and reports with
confidential or officially protected data must reside on UIS managed secure
servers. This means that files with confidential data cannot be stored on local
workstations, shared on local drives, or saved to any portable media. In
addition, these files may not be transmitted by email without a secure
connection. University Departments are continuing to identify if they have any
such data which is not currently stored on a UIS protected server and with the
assistance of UIS it will be relocated to an appropriate and secure location.
5. Prohibiting the use of confidential
information on mobile devices
Mobile Devices, including but not limited to,
laptops, email, disks, CDs, DVDs, USB Drives, iPods, PDAs, and pocketPCs should
never be used to store, back-up, or transfer confidential or identifiable data.
UIS will work with each department individually to help identify and determine
if they have a need for shared secure server space or proper secure back-ups.
6. SSU Policies and Guidelines
Shawnee
State University employs several board approved policies as well as Conditions
for Information Security and Best Practices that have been approved by the
University Technology Advisory Committee (UTAC) as a means of regulating the use
of data and information on campus.
7. Incident Response
Individuals
suspecting a data loss or theft incident must complete the
Confidential
Information-Data Loss or Breach of Security Incident Report. The submission
of this form will initiate the university's response as a part of the larger
Emergency Response Plan for
Information Security.
Individuals are
required to know and comply with UTAC's approved Conditions for Information
Security and Best Practices. Failure to comply with these practices may
result in loss of computing privileges and/or disciplinary action.
Users connecting to the Shawnee State University
Network agree to abide by Shawnee
State University’s Network and Computer Policy 5.30. This Board of Trustees
approved Policy governs access to all University computing facilities and
network resources.
Other Universities'
Efforts:
Shawnee State University is working to
create an environment that balances security with accessibility. The efforts we
are making are in line with the activities of other Ohio public institutions.
The following links show the current efforts of these institutions.
Bowling Green State University
http://www.bgsu.edu/its/security/index.html
*Miami University
http://www.units.muohio.edu/mcs/information_security/index.shtml
*The University of Toledo
http://www.eitnetwork.utoledo.edu/security.asp
Ohio University
http://technology.ohio.edu/about/#security
The Ohio State University
http://cio.osu.edu/buckeyesecure/
For a list of all Ohio Inter-University
Council member schools visit
http://www.iuc-ohio.org/
*Thank you to Miami
University’s Security Office and The University of Toledo for sharing their
Information Security Awareness efforts and practices.