[IS&T Security-FYI] Protecting Sensitive Information - IAP - Wednesday January 30 @ 2:00 pm in 56-114

John Dvorak dvorak at MIT.EDU
Fri Jan 18 15:28:14 EST 2008


Greetings!

If you missed the recent IAP session on Protecting Sensitive Information,
you're in luck because we are holding a 2nd session on Wednesday, January 30
from 2-3:30 pm in room # 56-114.  Please see
http://student.mit.edu/searchiap/iap-5315.html for the IAP listing of this
event.

Have you, or someone you know, received a letter saying "We are sorry, but
your personal information has been compromised?"  If so, this session will
be of interest to you.  The news is filled these days with stories of
companies and universities that have inadvertently released sensitive
information about their employees, customers and/or students. This
inevitably results in complex and expensive notification activities, and may
also result in identity theft, legal action, and a significant amount of bad
press.

Computers make it easier to collect, organize and distribute information in
new and exciting ways.  The amount of information collected is staggering
and continues to increase.  Much of this information is considered
sensitive, whether it is social security numbers, credit card information,
student records, donor information, medical records or proprietary research
data. 

Because of the risks associated with collecting and storing all of this
information, we decided to hold this IAP session to provide the MIT
community with a better understanding of what sensitive information is and
what efforts are currently underway to help mitigate the risk. 

I will moderate the session and begin it by describing what sensitive
information is and why it needs to be protected. 
 
Tim McGovern (tjm at MIT.EDU) of IS&T will be talking about the legal, policy
and data security incident response process at MIT.  He will briefly review
the new Massachusetts law that governs data security breaches.  He will also
discuss the evolution of MIT's data incident response process leading to the
formation of an MIT Data Incident Response Team in the Fall of 2007.  He
will conclude with his New Year's wish list for protecting sensitive
information.

Allison Dolan (adolan at MIT.EDU) of IS&T will address the recently initiated
program to look at how MIT is handling Personally Identifying Information
(PII), with an initial focus on Social Security Numbers (SSNs).  This
includes central and departmental systems as well as hardcopy files.  The
program includes inventorying where SSNs may be found, as well as
recommendations for what to do if you no longer have a business reason for
needing SSNs.

Christina Williams (chrisw at mit.edu) of the Office of Major Agreements will
discuss the risks associated with accepting credit cards as payment for
goods, services or conference registration.  She'll also talk about a new
Institute-wide model that is being implemented that will allow DLCs to
accept credit card payments in an accurate and secure manner. 

We will try to reserve time at the end of the session for people to ask
questions and to share their experiences in this area.  

We hope to see you there!
 
John Dvorak
MIT Audit Division
NE49-4031
x2-3577
dvorak at mit.edu


