data inventory.

purpose:

The purpose of a campus-wide inventory of electronic storage of high-risk confidential data is to identify locations across the UNO campus where personal information is stored. Nebraska has passed a state law that details how personal data breaches must be disclosed, L.B. 876[1]. SSN, Drivers license information, usernames/passwords, banking access information and biometric data has become the keys to identity theft, and Universities have become fertile targets for data disclosures[2]. As stewards of Nebraska residents' personal information, we must be vigilant and pro-active in the protection of data that have been entrusted to our care. UNO's Chancellor has made this effort a high priority[3].

project details:

The ITS Cybersecurity team has partnered with the principle data stewards and security administrators of the SIS and SAP systems, along with the UNO Cybersecurity Advisory Committee, to create a self-reporting data inventory system to identify storage devices where high risk personal information is located.

the data inventory system is located at:

http://datasecurity.unomaha.edu/data_inventory/

Got a question about the data inventory? Follow this link to the FAQ.

If you don't find the answer you are looking for, send an e-mail to datasecurity@lists.unomaha.edu

This system is intended to be a self-reporting repository linked to the person's UNO Net ID who fills out the entries. The system has been designed for an individual to self report or a single person to fill out the inventory for an entire area. Because this is a self reporting inventory, awareness promoting campus participation is critical. Please help promote this project with all of your faculty and staff.

The data inventory system has been activated as of November 1, 2006. All personal information that is being electronically stored must be entered into the system by January 15, 2007. At that time, a snapshot of entries in the system will be taken so analysis can begin. The analysis of the results will be conducted by the ITS Cybersecurity team in coordination with the SIS and SAP Data Stewards/Security Administrators and the UNO Cybersecurity Advisory committee. The results of the analysis will identify what data risks are present and will provide a baseline for forming action plans to reduce the risks of personal data breaches at UNO.

resources:

There are resources to help locate SSN or Credit Card numbers that may be stored in clear-text on a disk. We recommend Cornell's SPIDER tool (http://www.cit.cornell.edu/computer/security/tools/) . Additionally, for a good secure delete utility that is designed to remove all traces of sensitive information, we recommend ERASER (http://www.heidi.ie/eraser/).

references:

[1] http://uniweb.legislature.ne.gov/FloorDocs/99/PDF/Slip/LB876.pdf The Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006, pages 6-7 define personal data.

[2] http://www.privacyrights.org/ar/chrondatabreaches.htm Chronology of data breaches since Choicepoint.

[3] http://datasecurity.unomaha.edu/data_inventory/data_memo.pdf UNO Chancellor's memo on data security.