Data Security

Thursday, March 26, 2015

Dear Faculty and Staff,

As you may recall from previous tax advisory updates, I appointed the Security Working Group to examine our policies, procedures, business processes and technologies that secure information assets and make recommendations to improve them as needed. The Security Working Group is chaired by Marty Mark, chief information officer, and is comprised of information technology, faculty and business professionals from across campus.

This group has been collaborating to establish a suite of strategies and best practices for increasing our security for university computers and data. While the work of the Security Working Group is ongoing, a number of initial activities will be implemented in the coming weeks, including:

  • The application of security guidelines for hardening computer workstations and servers, including mechanisms to help validate security measures are in place and functional.

  • The installation of Identity Finder software used for the detection of sensitive data on university-owned computer workstations and servers. Identity Finder is configured to search for patterns consistent with social security, drivers license, passport and credit card numbers.

  • A process by which sensitive data located via Identity Finder and other means is appropriately managed. Specifically:

  1. Faculty and staff work with IT professionals to assist with Identity Finder search results, identifying files containing the possible presence of sensitive data (i.e., social security, driver's license, passport and credit card numbers).

  2. Faculty and staff review data file(s) to determine if the sensitive data can be eliminated and consult with IT professionals on the most appropriate purging method.

  3. Faculty and staff seeking to retain files containing sensitive data will use a new, custom application to request and seek approval at the dean or director levels, as well as the named data custodian.

  4. Upon data retention approval, UNI IT security staff work with appropriate IT professionals to develop and implement an appropriate data security strategy.

  • Professional development opportunities for faculty and staff, including Phishing Awareness Training and an eLearning-based online course called "Securing the Human." To access: Open your browser and visit https://elearning.uni.edu

  1. Click on the CatID sign-on icon

  2. Login using your CATID credentials

  3. Select "ITS Security: Securing The Human - Security Awareness Training 2013-2015" from My Courses

These are positive steps toward collectively strengthening our data security. I fully support the Security Working Group and the actions they are taking for our collective benefit. I encourage you to participate in the professional development opportunities available and thank you for doing your part to help the campus community reduce personal and university risk when it comes to computer use.

Please direct specific questions regarding these and upcoming initiatives to the Security Working Group by contacting Marty Mark, chief information officer, at 3-6285 or marty.mark@uni.edu.

Purple for Life!

Bill Ruud
President

President's Higher Education Community Service Honor Roll UNI's Impact on Iowa The President's House GREATNESS STEMS FROM IOWANS 2013-2014 UNI Fact Book EthicsPoint Confidential Reporting Service