management of data as responsible use icpl 2005. information privacy and security as usual in higher...
TRANSCRIPT
Management of Data as Responsible Use
ICPL
2005
Information Privacy and Security
• As usual in higher education, different institution will have, and take, different approaches to the protection, preservation, and proper use of their IT resources and assets:– Hardware– Software– Data
Privacy and SecuritySecurity and Privacy
• Security– Administrative
• Program
– Logical• Availability• Integrity• Confidentiality
– Physical• Locks and Keys
• Privacy– Transparency
• Data collected/stored• Relevancy
– Disclosure• Notice
– Control• Correct Mistakes• Opt-In or Out
– Security• Administrative• Logical• Physical
Data…
Is at the core of the intersection between security and privacy, not least in the
experience of information technologies.
Comprehensive Information Security Policies
• UC-Berkeley Framework– http://ist-socrates.berkeley.edu:2002/pols.html
• UCOP– http://www.ucop.edu/ucophome/policies/bfb/is3.pdf
• Princeton– http://www.princeton.edu/~protect/PoliciesAndGuidelines/
InfoSecPolicy05-21-2004.pdf
• Chicago– https://security.uchicago.edu/regulated-computers/
policy.shtml
Data Classification and Stewardship
• Classification– http://www.stanford.edu/group/security/
classification/classification_of_data.html
• Stewardship– http://www.itc.virginia.edu/policy/
itcadminappendixa.html– http://www.web.virginia.edu/iaas/
data_catalog/institutional/data_digest/datadigest.html
Cornell IT Policy Framework
http://www.cit.cornell.edu/oit/policy/framework-chart.html
Security of Information Technology ResourcesEvery user responsible for security of devices
connected to the network
Five Categories of Users/Obligations
IT Director: coordinate security program
Unit Heads: oversee (for their unit)
Security Liaisons: effectuate (unit risk assessment)
Local Support Provider: implement (desktop)
User: know who you are and don’t share password!
Responsible Use of IT Resources
Every user must manage the data on their IT devices
Five Categories of Users/Obligations
IT Data Director: coordinate
Stewards: oversee (policy)
Data Liaisons: effectuate (inventory/flows)
Custodians: implement (secure that web page!)
Users: know who you are (and don’t infringe copyright!)
Conclusion
Protection, preservation and appropriate use of institutional IT assets and interests requires comprehensive
information data and security programs.
That an institution have such programs is a given; how they are constructed goes to the history, culture and tradition of the
institution.