Data Security and Access

1
Data Security and Access
2
Contents

• Introduction
• Data Access
• Data Security Procedures
• Data Security Access Privileges and
  Responsibilities
• Physical Security

3
Introduction

• All administrative data and information are
  college resources. They are owned by the college
  and are shared as appropriate to meet the needs
  of the college.
• Waycross College maintains administrative
  computing resources, including data and
  information, that are essential to performing
  college business. These are college assets over
  which the college has both rights and obligations
  to manage, secure, protect, and control.

4
Why Talk About This?

• User Awareness!
• Our goal (and sometimes our legal requirement) is
  to access the data needed to do our jobs, while
  protecting the data from unauthorized access,
  misuse, or contamination.
• In doing so, we must also protect the computers,
  media, and network to further secure the data.

5
Who Should Care?

• President
• Vice Presidents
• Directors / Division Chairs
• Faculty
• Administrative and Professional Staff
• Classified Staff
• Students
• Visitors
• You!

6
Data Access

• Waycross College employees are granted access to
  those data and information resources required to
  carry out the responsibilities of their position.
• No college employee will knowingly access data
  for which they have no job function to access.
• No college employee will knowingly damage or
  misuse computing resources or data.

7
Data Access

• Access capabilities / restrictions apply to all
  administrative computing resources owned by the
  college. Safeguards are taken to ensure the
  security of the resources and to maximize the
  integrity of the information.
• Access privileges are determined based on the
  duties and responsibilities of each position.

8
Data Security Procedures

• Recognizing the college's responsibility toward
  data security, the college must establish
  safeguards to protect data without unduly
  interfering with the efficient conduct of college
  business.
• College employees are assigned login credentials
  for systems containing sensitive data on a need
  to know basis, for use in conducting college
  business.

9
Data Security Access Privileges and
Responsibilities

• The employees need to access data does not
  equate to casual viewing. It is the employee's
  obligation, and his / her supervisor's
  responsibility, to ensure that access to data is
  only to complete assigned functions.
• Security is everyones responsibility if an
  employee becomes aware that they have access to
  data to which they do not have need to know for
  their job functions, the employee should contact
  Computer Services immediately.

10
Physical Security

• Centralized computer resources will be protected
  in a physically secure location with controlled
  access.
• Computer resources housed within individual
  departments may require physical security
  depending on the value and sensitivity of the
  data they process, the resources they access, and
  their cost. This security is the responsibility
  of the department.

11
Resources

• Educause Data Security Resourceshttp//connect.ed
  ucause.edu/term_view/Data2BSecurity
• Presentation template provided by the Educause
  Computer and Network Security Task
  Forcehttps//wiki.internet2.edu/confluence/displa
  y/secguide/ModelITSecurityTrainingMaterials