Permissible Storage for Internal/Controlled Data | Search on Data Profile | When to Destroy

Internal/Controlled:  Internal/controlled data is intended for distribution within the University only, generally to defined subsets of the user population. The release of the data has the potential to create moderate damage to the institution. (Such damage may be legal, academic [loss or alteration of intellectual property] financial, or intangible [loss of reputation]).

Employees should at a minimum apply the following safeguards as listed below. Information Technology staff who administer devices must follow the Minimum Security Baseline, per University Guideline ADG02.

SAFEGUARDS Available Training
Passwords – never share your password and avoid writing it down in a location that can be accessed by others.Passwords video
Email – never send this information via email without first encrypting.Email video
Sharing – only share this information with trusted entities who have a need to know. When sharing, be sure to encrypt first or use a secure and approved method (check with your local IT staff).Social engineering video
Storing - store this data in approved locations only. If you are storing your data in a location that is not listed as a permissible storage location, check with your local IT staff to see if there is a better location.Where data can be stored
Mobile Devices - encrypt USB or external hard drives. Use a passcode on your mobile device. If you lose your mobile device or if it is stolen, report it to your local IT staff.Mobile security video

Telecommuting video
Physical Location - lock offices, cabinets and other areas where this data is stored either in paper or electronic format.Physical security video
Full suite of SANS videos are available on a variety of topics (all videos are less than 6 minutes)Access the full suite of videos

Penn State Mark
The Pennsylvania State University @2014
Privacy | Legal