NCSAM: Protecting information assets
Campus community encouraged to understand role in protecting information
8:19 a.m., Oct. 23, 2012--Since 2004, EDUCAUSE, the National Cyber Security Alliance (NCSA) and other national organizations have declared October to be National Cyber Security Awareness Month (NSCAM), and the University of Delaware has joined in this annual effort to promote cyber security.
UD Information Technologies (IT) urges the University community to use NCSAM as an opportunity to be more aware of each faculty and staff member’s role in protecting University information. “It’s an opportunity for employees to take a step back take a fresh look at the information we’re entrusted with and go down the list to see that it’s adequately protected,” Karl Hassler, associate director, IT Network and Systems Services, explained.
Pick up ONEcard
He added that UD employees can use the reminder provided by NCSAM to examine their computing and data management practices, in particular examining how we all manage the data entrusted to our care.
“Understanding what information you possess is important,” Hassler said. “Is it sensitive, personally identifiable information (PII)? Is it subject to contractual or funding agency protection requirements? And keep in mind how critical your information system is to the operation, effectiveness and goals of your unit and University.”
There’s a simple test you can use to determine the sensitivity of information in your unit’s possession: will unauthorized access, modification, disclosure, transmission or destruction of the information breach any individuals’ personal privacy or detract from your unit’s research goals or business functions?
“If mishandling the information will lead to a disruption in your unit’s or the University’s essential functions, then it’s also information we would classify as ‘critical,’” he added.
Password protection and anti-virus software are some of the minimum best practices for protecting public information, but more critical systems that possess sensitive information will need increased protection. “Sensitive confidential information such as grades or personal health information should never be publicly posted,” Hassler explained. “You’d want to lock it down much tighter than, say, an intramural sports schedule.”
For guidance on classifying information in your unit’s care and recommendations on handling and protecting University information throughout its lifecycle from creation to destruction, visit IT’s new Information Classification and Criticality web pages. Also, review UD’s Computer Security website or contact the IT Support Center for more information on protecting information.
Article by Sarah E. Meadows