A Blueprint for Handling Sensitive Data

Major Initiatives Resources Professional Development Community About EDUCAUSE

You are receiving this message because your browser is not JavaScript-enabled. We recommend you enable JavaScript in your browser, which is required to exploit the full functionality of the EDUCAUSE Web site, to ensure the best possible experience on our site.

A Blueprint for Handling Sensitive Data: Security, Privacy, and Other Considerations

Columbia, South Carolina
June 4, 2007

Information security risks at colleges and universities present challenging legal, policy, technical, and operational issues. According to a recent study by the EDUCAUSE Center for Applied Research (ECAR), security incidents have resulted in compromises of personal information which have led to bad publicity and the potential for identity theft. Among the steps to protect sensitive data include an information security risk management program, data classification policies, clearly defined roles and responsibilities, awareness programs, and technology solutions among other interventions. This seminar will outline a blueprint for protecting sensitive data according to the EDUCAUSE/Internet2 Security Task Force.

Intended Audience

This seminar is designed for the following audience:

Data Stewards, Data Trustees, and Data Custodians
Information Security Professionals
IT Directors and Managers
Privacy Officers

Risk Managers
Policy Administrators
Auditors

Presenters

Shirley Payne
Director, Security Coordination and Policy
University of Virginia

Jim Jokl
Director of Communications & Systems
University of Virginia

Resources

Tools

Articles

"A Unified Approach to Information Security Compliance" by M. Peter Adler, EDUCAUSE Review (2006)
"The Privacy and Security Policy Vacuum in Higher Education" by Fred H. Cate, EDUCAUSE Review (2006)
"Presidents and Campus Cybersecurity" by Joy R. Hughes and Jack Suess, EDUCAUSE Review (2005)
"Addressing Information Security Risk" by Mohammad H. Qayoumi and Carol Woody, EDUCAUSE Quarterly (2005)
"Security Breaches: Notification, Treatment, and Prevention" by Rodney Petersen, EDUCAUSE Review (2005)
"The 'Zen' of Risk Assessment" by Cedric Bennett and Richard Jacik, EDUCAUSE Quarterly (2005)

Need Help? | Feedback | Privacy Policy

Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances).