Properly Managing Sensitive Data

Hello!

Welcome to the Fall 2019 edition of the Quarterly Security Reminders email, brought to you by Wright State's Chief Information Security Officer. This newsletter will provide you with tips, best practices, and guidelines for how to better secure both your personal and university data.

Recently, I was taking some IT security training to keep my knowledge up to date. In the training, I was reminded of the difference between Information Security Awareness, and Information Security Training. These terms are often used together, for example, stating that our company has an Information Security Awareness Training Program.

As I see it, information security awareness is being mindful of our responsibility in handling sensitive information, the use of our information systems such as Pilot, Banner, email, and the use of our local computers.

Being aware of the responsible use of technology and the need to handle sensitive data properly is only part of the equation. We also have to know how to perform in various situations. For example, Jerry needs access to some sensitive information I have stewardship over, and I need to transmit that data to Jerry in a secure way. Knowing how to get that information to Jerry in the right way is where security training comes in. Information security training gives us the knowledge we need to handle situations like this without creating a risk to the university. If there's a gap in knowledge, problems can occur.

In the coming months CaTS will be developing some additional training to assist the WSU community in understanding how to identify sensitive data, determining the best place to store sensitive data, and determining an acceptable method of transmission.

One thing to keep in mind if you are uncertain of how to handle sensitive data is that by selecting the most secure method to transmit or store the data it won't cause a problem. However, doing the opposite can.

If you have any questions on the best way to handle sensitive data, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu with your questions.

Reference material can be found at the following locations:

University Data Classification Risk Matrix
https://wrightstate.service-now.com/sp?id=kb_article&sys_id=a207b44c134e...

HIPAA Regulations: Uses and Disclosures of Protected Health Information
https://www.wright.edu/information-technology/policies/hipaa-regulations...

Student Privacy and Release of Educational Records-FERPA
https://policy.wright.edu/policy/3010-student-privacy-and-release-educat...