Keeping user data private - Network World


Keeping user data private

Insider Threat By Bert Talley, Network World, 01/21/2008

I'm an IT administrator at a community college and am gearing up for the New Year. Many students have their social security numbers on file and also use their credit cards to pay for classes online. What approaches should I make to ensure others can't take this data and use it as their own?

My answer won't be the cure-all solution, but I am providing you with some tips that will assist you in working towards your goal.

Some of the basics you want to cover include, but are not limited to, the following:

* Encrypting the sensitive data
* Knowing where the sensitive data resides
* Using secure firewall(s) and current configurations
* Using a DMZ to protect the internal network from the external network
* Using strong authentication on equipment
* Using intrusion detection/monitoring for critical applications
* Using virus checking with current updates
* Limiting access to the data (access management)

These are just basic steps taken to protect data on the computing side. Knowing where sensitive data resides is a hot topic for many reasons, including electronic discovery issues, loss of sensitive data, and employer liability. Where data resides and who has access to it has taken many administrators by surprise when the business has received discovery notification for litigation purposes.

Aside from the technical aspects, if you are rusty or have not stayed current with your policies or regulations, now is a good time to brush up on them and begin educating others. If your school deals with Title IV funding, talk to your internal compliance team to see if you need to adhere to any special requirements. In your situation, you will really want to review the Payment Card Industry Data Security Standard (PCI DSS). It applies to any organization that processes credit or debit card information, including merchants and third-party service providers that store, process, or transmit credit card/debit card data. Be aware that if the school is housing the primary account number (PAN), compliance with the standards of PCI is not optional.
Even if you are not storing PANs, the PCI requirements have useful information that will help you conduct a self-audit of your existing processes. If you can pass the audit, you are in pretty good shape. Just by reading the PCI requirements, you will quickly see that securing data is much more daunting and detailed than just applying an encryption technology and calling it a completed project. If you find the necessary technical skills are not employed in your school, look towards a consulting service to assist you.
