Security Privacy
CSUSM is committed to taking strong measures to protect the security and privacy of campus information assets, promoting the adoption of affordable learning materials, and deploying technologies that are equally accessible to all faculty, staff, and students. New policies from the CSU, as well as regulations from the state and federal governments, will require the campus to create new operational methods and purchase new technology solutions for compliance. Failure to do so may violate state or federal law, and will result in not only audit findings, but fines and costs associated with addressing or mitigating failures and breaches. These efforts will require both technology and personnel resources in order to adequately comply with the requirements.
Big Ideas (3-5 years)
- Opt-In Consent - means of express, affirmative, and explicit--for collecting sensitive data and for using personal data
- Governance - direct and control IT security - security strategies align with business objectives and consistent with regulations
- Trust
- Security - Multi-Factor authentication (MFA) - unique authentication code
Campus Connection
- Everyone - students, staff, faculty, administration
- Google Analytics - provide and protect the security of service
- Data Governance Committee
- Identity Management - designated users have the appropriate access to appropriate technology resources
What is IITS already doing related to Focus on Security Privacy?
- Data Governance Committee and campus policy to provide oversight and ensure data integrity
- Principle of Least Privilege (POLP) - limiting access to the minimal level that will allow normal functioning - lowest level of user rights that individuals can have and still do their jobs
- HIPAA - data privacy and security
- FERPA - privacy of student records and date in partnership with various custodians of record.
Who else might we need to bring into a conversation about Focus on Security Privacy?
- Institutional Planning & Analysis (IPA)
- Information Management Steering Committee and Data Governance Committee
- University Registrar
- Procurement and Contracts
- Dean of Students Office
- University Police
- Disabled Student Services
- Student Health and Counseling Services
What may need to be expanded in terms of services, systems, etc. if Focus on Security Privacy surfaces as a key area of focus from campus stakeholders?
- Acceptable Use Policy expectations/reports
- Digitalization - manage digital risk - Cybersecurity
- Policy / Ethics - established and enhance data security governance and flow
- Data Retention
- Research
What are our internal assets and challenges to meet Focus on Security Privacy needs, if adopted?
- User initiated privacy management - letting users understand the privacy
- Departments asking for data - Ad Hoc Data Request Form - how departments will use data - data released in accordance with FERPA and applicable CSUSM Policies - requests reviewed for appropriate use.
- Everyone contributing to a body of information that needs to be secure
What are people asking for? What issues are IITS aware of?
- Data-driven decisions - integrated planning and resource allocation, data and assessments, student learning outcomes
- Transparency
- Secure work environment
- Access to data