Add to collection(s) Add to saved
  1. No category

IT Security Policies at K-State Harvard Townsend Interim University IT Security Officer

advertisement 
IT Security Policies at K-State
Harvard Townsend
Interim University IT Security Officer
harv@k-state.edu
532-2985
College Court 114
Oct 4, 2006
Dept Security Contacts Training
1
Security Policies
Oct 4, 2006
Dept Security Contacts Training
2
Security Policies
• K-State IT Policies:
– www.k-state.edu/vpast/itpolicies/
• Security included in many
• New security-related policies:
– Desktop search tools (PPM 3485)
– Extensive revision of PPM 3430
• Future policies per IT security audit
Oct 4, 2006
Dept Security Contacts Training
3
Drivers for Policy Changes
•
•
•
•
IT security audit
Trend Micro purchase
Update antiquated procedures/policies
Address new threats
Oct 4, 2006
Dept Security Contacts Training
4
Audit
•
•
•
•
•
•
Legislative Division of Post Audit
K-State, KU, Emporia State
Winter-spring 2004-2005
Report April 2005
Two reports – public and private
Set of recommendations, most of which
have major policy and procedure
implications
Oct 4, 2006
Dept Security Contacts Training
5
PPM 3485 “Protecting Sensitive
Data by Desktop Search Products”
• Prompted by Google Desktop “Search
Across Computers” feature in new release
• Passed by IRMC spring 2006
• Can’t run Google Desktop if have sensitive
data on the computer
• Cannot use search across computers feature
• Applies to other desktop search tools
Oct 4, 2006
Dept Security Contacts Training
6
Update to PPM 3430
•
•
•
•
•
Nearly a complete rewrite
Extensive review by Faculty Senate, IRMC
IRMC passed on Sept. 21, 2006
Is in final review/approval process
Already interim policy
Oct 4, 2006
Dept Security Contacts Training
7
Other Security Policies
• PPM 3495 “Collection, Use, and Protection of
Social Security Numbers”
• PPM 3415 “Information Security Plan” (GLB)
• PPM 7010, section .430 “Intellectual Property
Rights”
• PPM 7010, section .440 “Data Access and
Retention”
• PPM 3060 “Kansas Open Records Act”
• PPM 3090 “Retention of Records”
Oct 4, 2006
Dept Security Contacts Training
8
IT Policy Procedure
• Now on web in vpast/itpolicies
• IRMC reviews, revises
• Faculty Senate, Dean’s Council, CITAC
comments/signature
• Executive Computing Committee approves
• Published on vpast/itpolicies and PPM
• Interim policies possible
Oct 4, 2006
Dept Security Contacts Training
9
Questions?
Oct 4, 2006
Dept Security Contacts Training
10
Related documents
Document
Document
Hero Award for Exceptional Community Outreach Planned Property
Hero Award for Exceptional Community Outreach Planned Property
Security Roles and Responsibilities Harvard Townsend Interim University IT Security Officer
Security Roles and Responsibilities Harvard Townsend Interim University IT Security Officer
Managing Sensitive Data Harvard Townsend Interim University IT Security Officer
Managing Sensitive Data Harvard Townsend Interim University IT Security Officer
Download
advertisement