I'm an IT administrator at a community college and am gearing up for the New Year. Many students have their Social Security numbers on file and also use their credit cards to pay for classes online. What approaches should I take to ensure others can't take this data and use it as their own?
My answer won't be the cure-all solution, but I am providing you with some tips that will assist you in working towards your goal.
Some of the basics you want to cover include, but are not limited to, the following:
* Encrypting the sensitive data
* Knowing where the sensitive data resides
* Using secure firewall(s) and current configurations
* Using a DMZ to protect the internal network from the external network
* Using strong authentication on equipment
* Using intrusion detection/monitoring for critical applications
* Using virus checking with current updates
* Limiting access to the data (access management)
These are just basic steps taken to protect data on the computing side. Knowing where sensitive data resides is a hot topic for many reasons, including electronic discovery issues, loss of sensitive data, and employer liability. Where data resides and who has access to it has taken many administrators by surprise when the business has received discovery notification for litigation purposes.
Aside from the technical aspects, if you are rusty or have not stayed current with your policies or regulations, now is a good time to brush up on them and begin educating others. If your school deals with Title IV funding, talk to your internal compliance team to see if you need to adhere to any special requirements. In your situation, you will really want to review the Payment Card Industry Data Security Standard (PCI DSS). It applies to any organization that processes credit or debit card information, including merchants and third-party service providers that store, process, or transmit credit card/debit card data. Be aware that if the school is housing the primary account number (PAN), compliance with the standards of PCI is not optional.
Even if you are not storing PANs, the PCI requirements have useful information that will help you conduct a self-audit of your existing processes. If you can pass the audit, you are in pretty good shape. Just by reading the PCI requirements, you will quickly see that securing data is much more daunting and detailed than just applying an encryption technology and calling it a completed project. If you find the necessary technical skills are not employed in your school, look towards a consulting service to assist you.