What is the Data Classification Inventory?
You may have received an email from infosec@csusm.edu with a Qualtrics link starting with csusm.co1.qualtrics.com. This is IITS’ Confidential Data Classification Inventory, a mandatory inventory for ALL faculty and staff as stipulated by CSU Policy. This inventory is not spam, and you will have 2 weeks to complete it.
The purpose of this inventory is to identify and classify personnel access to and handling of Level 1 and Level 2 data, described below. This enables CSUSM to respond appropriately to a potential breach of security and to make improvements to storage and access methods if necessary. It is very important that the questions are reviewed thoroughly and answered accurately. Your responses will be kept secured, with access limited to members of the security team.
The Data Classification Standard adopted by the CSU.
Examples of Level 1
Confidential information includes, but is not limited to:
- Passwords or credentials that grant access to Level 1 and Level 2 data
- PINs (Personal Identification Numbers)
- Birth date combined with last four digits of SSN and name
- Credit card numbers with cardholder name
- Tax ID with name
- Driver’s license number, state identification card, and other forms of national or international identification (such as passports, visas, etc.) in combination with name
- Social Security number and name
- Health insurance information
- Medical records related to an individual
- Psychological Counseling records related to an individual
- Bank account or debit card information in combination with any required security code, access code, or password that would permit access to an individual's financial account
- Biometric information
- Electronic or digitized signatures
- Private key (digital certificate)
- Law enforcement personnel records
- Criminal background check results
Examples of Level 2
Internal Use information includes, but is not limited to:
- Identity Validation Keys (name with):
  - Birth date (full: mm-dd-yy)
  - Birth date (partial: mm-dd only)
- Photo (taken for identification purposes)
- Student Information: Educational Records not defined as “directory” information, typically:
  - Grades, Courses taken, Schedule, Test Scores, Advising records, Educational services received, Disciplinary actions, Student photo
- Library circulation information
- Trade secrets or intellectual property such as research activities
- Vulnerability/security information related to a campus or system
- Campus attorney-client communications
- Employee Information: Employee net salary, Home address, Personal telephone numbers, Personal email address, Payment History, Employee evaluations, Pre-employment background investigations, Mother’s maiden name, Race and ethnicity, Parents’ and other family members’ names, Birthplace (City, State, Country), Gender, Marital Status, Physical description, Other
- Location of critical or protected assets
- Licensed software
If you have any questions, feel free to contact us by emailing infosec@csusm.edu.