CASE.EDU:    HOME | DIRECTORIES | SEARCH
case western reserve university

INFORMATION SECURITY
 
 

2006 Awareness Posters/Info

attachments!

hook, line, and sinquer

get the poster

passwords
QUICK LINKS:

Case Cyber Security Awareness Month

October 2007
staysafeonline
Overview

Case announces National Cyber Security Awareness Month on October 1, 2007, with a number of campus events to stimulate thoughts and discussion on the specific topic of

Identity Theft and Identity-Based Fraud Protection



identity protecting superhero mask

So, get your superhero mask and let's go.

New SSN Use Policy

Case Western Reserve University announces the kickoff of a policy for the use SSNs in administrative processes and IT systems.  This policy was commissioned by the University Provost and developed by a sub-committee of the Case ITSPAC over the 2006-2007 calendar year and was approved in late Spring 2007.  Some of the key criteria for using SSNs are for employment,  financial aid,  IRS reporting,  and academic record tracking.

Coupled with the transition to the new Student Information System, the next 8-12 months represents a buffer period where the university moves from SSN use as an identifier in both administrative processes and supporting IT systems to the use of the EmployeeID/StudentID.  Our legacy mainframe student system was built with business rules around the SSN as the student identifier, and its use is the rate-determining step in the entire university transition away from SSNs.

With the legacy of using SSNs in many processes, there is the strong potential that data of this sensitivity level is still resident in many university data systems.  Therefore, the university will engage all Case students, faculty, and staff in playing a part in the move to improve the handling and security of Tier 3 information such as SSNs.

5 Key Steps to protect sensitive data* and your identity

  1. Inventory where personal data and information are kept.  Use this procedure to find SSNs in your IT environments, on hard drives, and in file servers.  For faculty and staff, identify workflow and business processes that use SSN to identify persons.
  2. Scale down your SSN use to be compliant with university policy.  Contain the files you need to keep that have this type of data in them.
  3. Lock it up.  Protect the data from disclosure and the threats.  Secure documents in locking file cabinets, remove IT systems from open access (physical and network).
  4. Dispose of unneeded SSN-base data.  If it is not needed for financial or legal purposes, it is time to make the process changes necessary.   Get rid of old SSN-based data files in your IT environments.    Shred paper copies of old class lists or grade books that are no longer pertinent to current operations.
  5. Plan for using the EmployeeID/StudentID (emplid)
SSN Use Forum

We are planning a forum of all campus users to discuss where and when SSN transitions are to be made.  Watch the Case Daily for time and location information.


Phishing is not your phriend

A significant threat vector of theft of personal information is via phishing.  Okay, most Case people won't get snookered by a phishing email, but you can be a part of the solution.  Paul Laudanski of CastleCops will be our guest speaker to address the Phishing Incident Response Team and its role in reducing identity-based and financial fraud.  This presentation is scheduled for 4:00 PM, October 18, 2007, in the Ford Auditorium.


What do we use in the interim if the student processes still use SSN?
These are the current 'approved' identifiers, in descending order of preferential use:
  1. Name (last, first)
  2. EmployeeID/Student ID (also called 'emplid')
  3. Case Network ID (abc123)- for students that don't yet have a new StudentID
  4. Badge Number from your Case ID Card
  5. SSN (for students)

Case Paranoid Geeks
Be a real geek and play the ISS Security Game.

Recognition
*Based on guidance from the Federal Trade Commission.