Tech Guides :: Securing Confidential Information

Information Protection

The best way to protect personally identifiable or other confidential information stored on a computer is to encrypt it. However, encryption can reduce performance on the computer and increase the complexity of using the applications on it. Therefore, if the computer is properly protected with strong, complex passwords and is kept at current software and virus patch levels, the decision to encrypt data is based on trade-offs between risk and performance.

Laptop Computers

Laptop computers used to collect or process personally identifiable or other confidential information need to be protected to the highest level possible. The following standards and guidelines apply:

1. Set up the laptop to boot only from the hard drive.

2. Passwords must meet Information Technology Services (ITS) requirements for access to the central computing servers and access to the Common Management System: see the Security Memo “Password Protection.”

3. Personally identifiable or other confidential information should be encrypted. On Windows laptops, the entire hard drive can be encrypted using Encrypted File System (EFS). There are third-party and open source products available for encrypting files on Mac and Linux laptops, but a better solution, which also can be used with Windows laptops, is to store all the personally identifiable and any other confidential information on an encrypted USB drive. Never store the laptop and USB drive in the same location. For example, the USB drive and laptop should never be carried in the same piece of luggage.

Desktop Computers

The following standards and guidelines apply:

1. Set up the desktop to boot only from the hard drive.

2. Passwords must meet Information Technology Services (ITS) requirements for access to the central computing servers and access to the Common Management System: see the Security Memo “Password Protection.”

3. The same encryption approaches can be used to protect personally identifiable or other confidential information on desktop computers as are identified for laptop computers above. An additional alternative is to store the information on a secured server rather than on the client workstation. The server should be firewalled to block all ports except those required to support the specific applications being used.

4. If confidential information must be stored on the workstation, the workstation should be physically secured to the extent practical. Simply locking the office door may not be sufficient because many different units on campus must have access, and therefore keys, to all campus offices in order to support the campus. Possible approaches are to enclose the workstation in a security cradle that prevents removal of the hard drive or installing chassis intrusion detectors so that it can be determined if a drive could have been removed and then reinstalled.

Servers

Sensitive information stored on servers should be encrypted. However, if it is not practical from a performance standpoint to encrypt large amounts of or frequently used personally identifiable and other confidential information on a server, the following standards and guidelines apply:

1. Servers that store personally identifiable or other confidential information should be placed behind firewalls that block all ports except those necessary to the applications using the confidential information. Planned firewall implementations should be reviewed with Telecommunications & Network Services to ensure network diagnostics and management are not disrupted.

2. All communications between the secured server and the workstations should be encrypted (e.g., SFTP and SSH in place of FTP and Telnet, encryption set on “high” when using RDP).

3. Applications that do not use the confidential information should be moved to a different server.
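One way to check a server against items 1 and 2 above (and against the firewalled-server alternative in the Desktop Computers section) is to compare its listening TCP ports with the list of ports its applications require. The script below is an added example, not part of the original guide: the `ss -H -tln` sample is constructed, and the allowlist of ports 22 and 443 is an assumption chosen for illustration.

```python
import ipaddress

# Cleartext services the guideline replaces with SFTP and SSH.
CLEARTEXT = {21: "FTP, replace with SFTP", 23: "Telnet, replace with SSH"}

# Constructed sample of `ss -H -tln` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 5 *:23 *:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
"""

def is_loopback(addr):
    """True when the listener is bound only to a loopback address."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":
        return False  # wildcard bind: reachable on every interface
    return ipaddress.ip_address(addr).is_loopback

def parse_listeners(ss_output):
    """Return (address, port) for each listening socket in the output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners

def audit(ss_output, allowed_ports):
    """Sort network-reachable listeners into cleartext, unexpected and ok."""
    report = {"cleartext": set(), "unexpected": set(), "ok": set()}
    for addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # not reachable from workstations, out of firewall scope
        if port in CLEARTEXT:
            report["cleartext"].add(port)
        elif port not in allowed_ports:
            report["unexpected"].add(port)
        else:
            report["ok"].add(port)
    return {kind: sorted(ports) for kind, ports in report.items()}

if __name__ == "__main__":
    # Assumed allowlist: SSH/SFTP plus one HTTPS application.
    for kind, ports in audit(SAMPLE_SS_OUTPUT, {22, 443}).items():
        print(kind, ports)
```

Ports reported as `unexpected` are candidates for a firewall block or for moving the application to another server; ports reported as `cleartext` should be replaced with their encrypted equivalents even if an application currently depends on them.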

Contacting the Campus Information Security Officer

The Campus Information Security Officer can be reached at (707) 826-3815 or security@humboldt.edu.

Endorsed by the Information Technology Council, April 11, 2006

© 2006 Humboldt State University : Information Technology Services