data security 1
Stonehill College
Information Security and Identity Theft
Information Security
• Data Security
• Identity Theft
Massachusetts Data Security Law
• M.G.L. 93H
• 201 CMR 17
• Personal Information
– First name or first initial and last name AND
1. Government Issued I.D. OR
2. Financial Account Number OR
3. Social Security Number
Massachusetts Requirements
• Written Policy
– F9.2 Information Security Policy
• Safeguards
– Administrative
– Physical
– Technical
• Oversight
– Chief Information Officer
Massachusetts Requirements
• Identify records with personal information
• Routinely evaluate our safeguards
• Regular employee training
• Contractual assurances
• Share information on a need-to-know basis
• Document a breach
– Notify Office of the General Counsel
Identity Theft
• Federal Trade Commission
– Fair and Accurate Credit Transactions Act
– Red Flag Rules
– 16 C.F.R. 681
• College is a “creditor” with “covered accounts”
– Perkins Loan Program
– Deferred tuition payments
– Invoices to students
Identity Theft
• Identity Theft: when a person commits or attempts to commit a fraud using someone’s identity.
• Identity Theft Prevention Program
– College written document available online, or
– Request copy from the Office of the General Counsel
Technical Safeguards
adhering to best practices…
Technical Safeguards
• Antivirus
• Central File Share
– Required for confidential and internal use only information
• Virtual Private Network (VPN)
• Identity Finder
– Delete (shred to DOD standards)
– Encrypt
• TrueCrypt for Laptops
Technical Safeguards
• Passwords
– Minimum length of 8 characters
– At least 4 letters
  • Uppercase and lowercase
– Mixture of letters, numbers, and other characters
  • Alphanumeric and non-alphanumeric
– Cannot use your account name
– Cannot use your last 6 passwords
– Change them at least every 180 days
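Added example (not part of the original slides or the College's systems): a checker for the password rules listed above, including the last-6 history comparison done against salted hashes rather than stored plaintext. Assumptions: all function names are hypothetical, history is stored as PBKDF2 (salt, digest) pairs, and "cannot use your account name" is read as no case-insensitive substring match.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

MIN_LENGTH, MIN_LETTERS, HISTORY_DEPTH, MAX_AGE_DAYS = 8, 4, 6, 180
PBKDF2_ROUNDS = 200_000  # assumption: the slides do not say how history is stored

def hash_password(password, salt=None):
    """Return (salt, digest) so history can be kept without plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def in_history(password, history):
    """history: list of (salt, digest), newest last; only the last 6 count."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-derive with each stored salt; compare in constant time.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def policy_violations(password, account_name, history=()):
    """Return the list of slide rules the candidate password breaks."""
    letters = [c for c in password if c.isalpha()]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if len(letters) < MIN_LETTERS:
        problems.append("fewer than 4 letters")
    if not (any(c.isupper() for c in letters) and any(c.islower() for c in letters)):
        problems.append("needs uppercase and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(not c.isalnum() for c in password):
        problems.append("needs a non-alphanumeric character")
    # Assumption: "cannot use your account name" = no case-insensitive substring match.
    if account_name and account_name.lower() in password.lower():
        problems.append("contains the account name")
    if in_history(password, list(history)):
        problems.append("matches one of the last 6 passwords")
    return problems

def is_expired(last_changed, now=None):
    """True once the password is older than 180 days."""
    return ((now or datetime.now()) - last_changed) > timedelta(days=MAX_AGE_DAYS)
```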
Information Security
…an important part of our job…