Sensitive Data Accessibility Financial Management - PowerPoint PPT Presentation

About This Presentation
Title:

Sensitive Data Accessibility Financial Management

Description:

Sensitive Data Accessibility Financial Management College of Education Michigan State University – PowerPoint PPT presentation

Number of Views:52
Avg rating:3.0/5.0
Slides: 22
Provided by: CollegeofE223
Category:

less

Transcript and Presenter's Notes

Title: Sensitive Data Accessibility Financial Management


1
Sensitive DataAccessibilityFinancial Management
  • College of Education
  • Michigan State University

2
Agenda for today
  • Sensitive data management
  • Basic computer security issues
  • Financial management
  • Physical Security

Q What are examples of security threats? Q
What does information security mean to you? Q
Why do we need to know this?
3
Levels of sensitivity for data
Institutional data all of the data held by MSU,
in any form or medium, for normal business
operations.
  • Public
  • Sensitive
  • Confidential

4
Public data
  • Not protected and generally made publically
    available, without restriction or limitation
  • Directories
  • Library card catalogs
  • Course catalogs
  • Institutional policies

5
Sensitive data
  • Protected by institutional policy, guidelines, or
    procedures may be public/FOI-able (freedom of
    information)
  • Salary data
  • Detailed institutional accounting and budget data
  • Personally restricted directory data

6
Confidential data
  • Institutional data that could be used for
    identity theft
  • Protected by law, contract, or University policy
  • Records of the university security measures
  • SSN
  • payment/credit card
  • health records
  • student records

7
Sensitive data management at MSU
  • PCI DSS - Payment Card Industry Data Security
    Standard Fine up to 500,000
  • MSUs Managing Sensitive Data site at
    http//eis.msu.edu/sid/

8
Sensitive data management at MSU
  • Use Institutional Data only for University
    purposes.
  • Minimize the potential for their improper
    disclosure or misuse.
  • Individually responsible for the security and
    integrity of Institutional

9
Where to look for confidential data
  • Digital
  • Laptop computers, Desktop computers
  • Phones, thumb drives
  • Network drives, web and file servers
  • Email attachments, social networking sites
  • Paper
  • Sticky notes, notepads, paper files
  • Receipts
  • PAN forms and other official documents
  • Travel documentation

10
Do I absolutely need this data? If not, get
rid of it.
  • As soon as you no longer need the data, delete
    it.
  • Dont leave sensitive data on computers or PDAs
    that can be stolen.
  • Make sure the computer, where the data is stored,
    is protected against viruses, worms, etc.
  • Be careful distributing the data via email or
    paper forms.

11
Q What should you do if an incident occurs on
your computer?
Q what should you do if you find a thumb drive
in the hall way?
12
College Policy
  • College policy can be found from this website
  • http//education.msu.edu/csg/
  • All college staff are required to attend
    sensitive data awareness seminar every three
    years.
  • No one should keep SSN and credit card number on
    your computer and shared drive.

13
In practical terms, this means?
  • No confidential data on college servers or
    computers There is no reason to store SSNs on a
    computer, so dont. If you need to use SSNs at
    all, work with us to make sure they are handled
    with a minimum of risk.
  • If you absolutely must have SSNs, credit card
    numbers, or any other sensitive data on paper,
    destroy paper sheets as soon as you dont need
    the data anymore. If you need to keep the data,
    lock the papers up, then destroy them as soon as
    you can.
  • Most important Know the policy, be aware of how
    you can minimize exposure.

14
Q what should you do when your salvage your PC?
15
Internet use security
  • When you browse Internet
  • Set your browser security to medium/medium-high
  • Add safe sites to trusted sites
  • Block pop-up windows in your browser
  • Clear cookies and cache for browser periodically
  • Log out of secure apps when not in use
  • use screen saver to lock the screen
  • Do not write down passwords
  • Be aware when use Instant messenger, chatting

Video Spyware Video Do not leave your computer
unlocked
16
Basic computer use protection
  • Strong password, but easy to remember
  • Install anti virus program and update
    automatically
  • Updates Windows system automatically
  • Turn on Windows built-in firewall
  • Set the Internet browser security medium-high
  • Do not download free programs from internet
  • Do not use flash drive as your main storage
  • Salvage computer only after clean the hard drive

17
Email Phishing
  • Phishing (use of e-mail messages that appear to
    be sent from a trusted source.)
  • Spelling Mistakes
  • Incorrect Graphics
  • Personal Information
  • The URL

Video Email hoax
18
File management
  • Manage by folders
  • Save on the server (\\edshare.educ.msu.edu)
  • Name files properly (do not use space or , , ,
    !)
  • View files with different layout
  • Stop using floppy disks use thumb drive to
    transfer file

Email management
  • Organize by folders and sub-folders

19
Financial Management Oversight
  • Segregation of duties More than one person
    needed to complete a record transaction.
    Implement mitigating controls if staffing
    resources do not permit desired segregation of
    duties.
  • Adequate oversight at least take samples.
  • Pay attention to high risk areas cash and
    inventories. Take periodic inventory.
  • Monthly reconciliation of P-card statement is
    required.

20
Physical Security
  • Protect valuables (yours and others)
  • Be aware of and report suspicious activity
  • Good descriptions NOT heroics
  • Keys
  • Doors

21
Please remember to take the survey after you
receive the email with a link. Thanks.
Write a Comment
User Comments (0)
About PowerShow.com