West Chester University
Summer 2009
• Confidentiality
To return to this screen (#2) at any time, type 2 and press Enter!
• Go to WCUPA Homepage (
Information
Resources > Information Services > Account
Applications
) or use the following url: http://www.wcupa.edu/infoservices/noc/ap plications/
• Forms should be completed, approved and returned to: Information Security,
Allegheny Hall, Room
– University Systems Personal Account Application
– WCU Confidentiality Statement
• Be aware of the computer security policies and practices already in place on your campus
– ( http://www.wcupa.edu/infoservices/is_policies_and_procedures.asp
)
• Remember – access to computers and university data is a privilege
• Follow the general guidelines common to
– Faculty
– Staff
– Students
K
I
C
• What data is considered confidential?
– Data Classification
• Sensitive
– Contractual obligation to protect
– Right to Know
• Public
– Campus maps
– Restricted
• Required by law
– HIPAA
– FERPA
05/15/2009 6
• Remember the 3R’s
– Roles
– Rules
– Responsibility
05/15/2009 7
• System Administrator/Technical
• Management
• Faculty
• Student
• Staff
05/15/2009 8
• PASSHE Policy
• Employment Contract
• Confidentiality Policy
• Risk Assessment
05/15/2009 9
• Everyone
05/15/2009 10
• Individual accountability
• Faculty
– Responsible for confidential data to which they have access
• Bio/Demo data (including DOB and SSN)
• Student Grades and historical data
• Students
– Responsible for managing their own confidential data
• Log out of session
• Do not share passwords
• Staff
– Responsible for confidential data to which they have access
• Bio/Demo data (including DOB and SSN)
• Student Grades and historical data
• Salary Information
05/15/2009 11
• Know the policies regarding:
– Password use and management
– Virus protection
– Phishing/Spam
– Laptop/Handheld Device
– Access privileges
– Data backup and storage
– Incident response
• Security Breaches
– Follow designated policies and procedures
05/15/2009 12
• Civil and Criminal
• Conflict of Interest
• Disciplinary Action
05/15/2009 13
Data submissions are fully protected
Data encryption
Data transfer agreement
Employees sign and understand confidentiality agreement
Notation on all records containing identifiable data (e.g. confidentiality reminder)
Secure transport from one location to another
05/15/2009 14
Open-access area security
Written data not left out in the open
Log out of sessions
Fax/Copy machines
Secure area
Cover sheets
De-program to recover confidential information
Protection of hard copy information
Written consent to release to outside agencies
Double check before providing information
05/15/2009 15
NEVER …
Email or post grades on a website for the entire class to be viewed by the entire class!
ID
0123456
0789789
0232323
0345345
HOMEWORK
90
85
95
75
MIDTERM
88
86
92
84
ALWAYS …
Use a Course
Management System to post grades – so that each student can only view his/her grades and
ID numbers
FINAL
93
91
93
78
TOTAL
90
87
93
79
GRADE
A-
B+
A
C+
• Lists are normally in alphabetic order by name
• When attendance is called in class, students get used to this order
• Students will NOT remember the entire class list by name, but they can remember the numerical position of a particular student
• Several students at the top of the list are particularly vulnerable
NOTE: http s in the URL (Web Address)
Requires Authentication Login On Campus
NOTE: no s after http in the URL (Web Address)
• Use university email addresses for students when email is needed
• Avoid email altogether whenever possible
– Use Classroom management systems, such as
• Blackboard
• my it lab
– Use Digital Dropbox/gradebook links for assignments
• Don’t use the same passwords for http accounts as for http s accounts
• Use different passwords for home and university accounts
• Since some university accounts require periodic password changes, cycle through a list that you can remember
• Go to http://www.wcupa.edu/infoservices/is-g-1-3.asp
for
WCUPA minimum standards for User IDs and
Passwords
• Secure pdf files electronically distributed
– To assure fair use of copyrighted materials
• Secure file to prohibit altering, copying, printing
• Secure web pages received from students
– Use secure web browser, such as Firefox
– Use No-Script option, which warns of scripts
• Script could be malicious, but can unblock
• Campus Help Desk
• Websites
– www.wcupa.edu/sact
– http://www.getsafeonline.org/
– http://www.computerworld.com/securitytopics/security
• National Centers of Academic Excellence in Information
Assurance Education (an NSA designation) with the
PASSHE system
– East Stroudsburg University
– Indiana University of Pennsylvania
– West Chester University
• Books
– Is It Safe?, Michael Miller
– Blown to Bits , Abelson, Ledeen, & Lewis