department menu

What is the Data Classification Survey?

data

You may have received a link from infosec@csusm.edu with a Qualtrics link starting with csusm.co1.qualtrics.com. This is IITS’ Confidential Data Classification Survey, a mandatory survey for ALL faculty and staff as stipulated by CSU Policy. This survey is not spam, and you will have 2 weeks to complete this survey.

The purpose of this survey is to identify and classify personnel access and handling of Level 1 and Level 2 data, describe below. This enables CSUSM is able to appropriately respond to a potential breach of security and make improvements to storage and access methods if necessary. It is very important that the questions are reviewed thoroughly and answered accurately. Your responses will be kept in a secured with limited access by members of the security team.

The Data Classification Standard adopted by the CSU.

Examples of Level 1 – Confidential information include but are not limited to:

• Passwords or credentials that grant access to level 1 and level 2 data • Medical records related to an individual
• PINs (Personal Identification Numbers) • Psychological Counseling records related to an individual
• Birth date combined with last four digits of SSN and name • Bank account or debit card information in combination with any required security code, access code, or password that would permit access to an individual's financial account
• Credit card numbers with cardholder name • Biometric information
• Tax ID with name • Electronic or digitized signatures
• Driver’s license number, state identification card, and other forms of national or international identification (such as passports, visas, etc.) in combination with name • Private key (digital certificate)
• Social Security number and name • Law enforcement personnel records
• Health insurance information • Criminal background check results

Examples of Level 2 – Internal Use information include but are not limited to:

• Identity Validation Keys (name with) - Birth date (full: mm-dd-yy) - Birth date (partial: mm-dd only) • Vulnerability/security information related to a campus or system
• Photo (taken for identification purposes) • Campus attorney-client communications
• Student Information-Educational Records not defined as “directory” information, typically: - Grades - Courses taken - Schedule - Test Scores - Advising records - Educational services received - Disciplinary actions - Student photo • Employee Information - Employee net salary - Home address - Personal telephone numbers - Personal email address - Payment History - Employee evaluations - Pre-employment background investigations - Mother’s maiden name - Race and ethnicity - Parents’ and other family members’ names - Birthplace (City, State, Country) - Gender - Marital Status - Physical description - Other
• Library circulation information. • Location of critical or protected assets
• Trade secrets or intellectual property such as research activities • Licensed software

If you have any questions, feel free to contact us (securityhelp@csusm.edu).