Data Security Issues in IR
Eileen Driscoll
Institutional Planning and Research
Cornell University
What IR practitioners can do
Legal consequences of data loss
Resources
Don’t take work home
• If you must access student or other sensitive data from home, use a secure connection like Remote Desktop in Windows XP
• Use a VPN connection
• Wireless access
– Create a closed network
– Rename network
– Encrypt
– Update software regularly
– Set administrator password
– Disable file sharing
At Work
• Store student data files on a secure server, not on your personal computer
• Turn your computer off at night if it can be backed up during the day
• Strip identifying student information (SSN, address, name) from data files when you work on them
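One way to do the stripping described in the last bullet, as an added example that is not part of the original slides: it drops the SSN, address and name columns from a CSV and adds a keyed pseudonym so records for the same student can still be linked. The column names, the `study_id` field, the key handling and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io

# Direct identifiers named on the slide; header matching is case-insensitive.
IDENTIFIERS = {"ssn", "address", "name"}

def deidentify(src, dst, key, id_column="ssn"):
    """Copy CSV rows from src to dst without the identifier columns.

    Adds 'study_id', an HMAC-SHA256 pseudonym of the id column, so the same
    student can still be linked across files. A plain hash would not do:
    the SSN space is small enough to enumerate, so the key must stay secret
    and live on the secure server, not beside the working file.
    """
    reader = csv.DictReader(src)
    fields = reader.fieldnames or []
    by_lower = {f.strip().lower(): f for f in fields}
    if id_column not in by_lower:
        raise ValueError(f"no {id_column!r} column to derive study_id from")
    kept = [f for f in fields if f.strip().lower() not in IDENTIFIERS]
    writer = csv.DictWriter(dst, fieldnames=["study_id"] + kept,
                            lineterminator="\n")
    writer.writeheader()
    rows = 0
    for row in reader:
        # Normalise so "000-00-0001" and "000000001" give the same pseudonym.
        digits = "".join(c for c in (row[by_lower[id_column]] or "") if c.isdigit())
        if not digits:
            raise ValueError(f"row {rows + 1}: empty {id_column}")
        tag = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]
        writer.writerow({"study_id": tag, **{f: row[f] for f in kept}})
        rows += 1
    return rows

# Constructed sample data (000-prefixed SSNs are never issued).
SAMPLE = (
    "Name,SSN,Address,Major,GPA\n"
    "Student A,000-00-0001,1 Example Rd,Biology,3.4\n"
    "Student B,000-00-0002,2 Example Rd,History,3.1\n"
    "Student A,000000001,1 Example Rd,Biology,3.6\n"
)

def run_sample(key=b"constructed-demo-key"):
    out = io.StringIO()
    deidentify(io.StringIO(SAMPLE), out, key)
    return out.getvalue()
```

The remaining columns can still identify a student in a small cohort, so the working copy belongs on the secure server as well.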
Securing your computer
• Run an anti-virus program daily
• Enable file autoprotect (Symantec Anti-Virus)
• Use complex passwords (test with password tester)
• Activate Windows Firewall
• Run Spybot, Windows Defender and Ad-Aware frequently
• Secure Delete
Secure your computer (cont)
• Turn off file sharing on your computer
• Turn off guest accounts
• Don’t use the administrator account on your computer for routine work
• Turn on a password protected screen saver for when you are away from your computer
• Lock your office
• Monitor your network traffic and usage
• Turn off FTP if you are not using it
Secure your computer (cont)
• Clear out your web browser cache
• Set Windows to automatic update
• Be sure that your anti-virus software is updated frequently
When traveling with a laptop
• Use an encrypted flash (thumb) drive
• Keep close physical possession of your computer and data
• Remove sensitive data from the laptop before travel
• If you need sensitive data, store it on a separate device like a CD and store it separately from the laptop
• Use full disk encryption
Sharing data
• Zip and password protect before sending
• Try not to send files via email
• Cornell has the registrar's drop box. Files are encrypted during transport over SSL (https://) using strong encryption only.
New York Information Security Breach and Notification Act
• Any NYS resident whose private information was acquired by a person without valid authorization must be notified
• You must notify the NYS attorney general, NYS consumer protection board, NYS office of cybersecurity
• Other states, including California, are passing similar laws
What to do if data security is breached
• Notify security office
– Scan
– Traffic analysis
– Image
– System (log) analysis
• IT security may report to data loss team (audit, police, counsel, communications, risk management, IT, representatives from unit)
Resources
http://www.cit.cornell.edu/computer/security/secure.html
Securing your web browser http://www.cert.org/tech_tips/securing_browser/
EDUCAUSE http://www.educause.edu/security
Using wireless technology securely http://www.us-cert.gov/reading_room/Wireless-Security.pdf
Procedures for dealing with security breach http://www.cit.cornell.edu/computer/security/data-loss-prepare.html