Brown's Confidential Information in 2008 – Are YOU at Risk?
Brown's IT Security Group completed its second biennial risk assessment process in late 2007. The data gathered will assist IT Security as it focuses on top risk areas and develops specific training and awareness activities for the coming year.
We attempt to get data from all areas within Brown – including small departments and centers. And we certainly appreciate all of your cooperation as we work to pull all of this data together!
Based on results, here are the high-risk areas we need to continue to pay special attention to!
- Credit card numbers must never be stored unless the process is approved in writing by the E-Commerce Committee (chaired by Beth Gentry).
- Social security numbers are never to be stored on an individual workstation unless approved in writing by the Data Owner and IT Security. The workstation must be evaluated to ensure adequate security.
- If laptops must be used to store "restricted information" (i.e., SSNs, Credit Card Numbers, Driver’s License Numbers, Bank Numbers or Personal Health Information (PHI)), the data must be encrypted.
- "Restricted information" must never be transmitted across the network "in the clear."
If you have questions about any of these risk areas, please contact ITSecurity@Brown.edu for assistance. We can help to increase your security and decrease the possibility that you will be the victim of a serious breach of confidential information at Brown!