What are universities doing to reduce the risk of Information Theft?
Shawnee State University:
1. Employee Education
University employees are being educated about the importance of information security. UIS is launching its own Security Awareness Education Campaign, "Be Informed, Be Aware, Be Responsible About Information Security" in which employees are made aware of the need for security awareness in their daily routines. In addition, the University is participating in the Federal Trade Commission's educational program on Identity Theft entitled "Deter, Detect, Defend; Avoid ID Theft" which educates individuals about how to avoid personal identity theft. Employees are also educated on and expected to abide by the UTAC approved "Conditions for Information Security and Best Practices".
UIS is conducting information sessions with campus departments to discuss this web site and what it means to each employee. Employees and departments may watch this video at their own convenience to understand what steps you can take to protect the date you use each day. Click here to view the video.
2. Avoiding the use of Social Security Number as an identifier
Shawnee State University has nearly eliminated the use of the Social Security number as an identifier for students and employees. By using identifiers such as the CARS ID in its place, the risk has been greatly reduced. University departments are continuing to identify any remaining areas where this can be eliminated.
3. Reducing the use of identifier information
on printed items
Printed items such as receipts or payroll related items are being modified so that, where possible, identifier information such as bank account number, credit card numbers, etc are not displayed. University departments are continuing to identify any remaining areas where this can be eliminated.
4. Confidential or officially protected data
must be stored on UIS protected servers only
Any and all files, including databases, spreadsheets, word processing documents, and reports with confidential or officially protected data must reside on UIS managed secure servers. This means that files with confidential data cannot be stored on local workstations, shared on local drives, or saved to any portable media. In addition, these files may not be transmitted by email without a secure connection. University Departments are continuing to identify if they have any such data which is not currently stored on a UIS protected server and with the assistance of UIS it will be relocated to an appropriate and secure location.
5. Prohibiting the use of confidential
information on mobile devices
Mobile Devices, including but not limited to, laptops, email, disks, CDs, DVDs, USB Drives, iPods, PDAs, and pocketPCs should never be used to store, back-up, or transfer confidential or identifiable data. UIS will work with each department individually to help identify and determine if they have a need for shared secure server space or proper secure back-ups.
6. SSU Policies and Guidelines
Shawnee State University employs several board approved policies as well as Conditions for Information Security and Best Practices that have been approved by the University Technology Advisory Committee (UTAC) as a means of regulating the use of data and information on campus.
7. Incident Response
Individuals suspecting a data loss or theft incident must complete the Confidential Information-Data Loss or Breach of Security Incident Report. The submission of this form will initiate the university's response as a part of the larger Emergency Response Plan for Information Security.
required to know and comply with UTAC's approved Conditions for Information
Security and Best Practices. Failure to comply with these practices may
result in loss of computing privileges and/or disciplinary action.
Users connecting to the Shawnee State University
Network agree to abide by Shawnee
State University’s Network and Computer Policy 5.30. This Board of Trustees
approved Policy governs access to all University computing facilities and
Shawnee State University is working to
create an environment that balances security with accessibility. The efforts we
are making are in line with the activities of other Ohio public institutions.
The following links show the current efforts of these institutions.
Bowling Green State University
*The University of Toledo
The Ohio State University
For a list of all Ohio Inter-University
Council member schools visit
*Thank you to Miami
University’s Security Office and The University of Toledo for sharing their
Information Security Awareness efforts and practices.