Restricted data are those which the University has legal, regulatory, policy or contractual obligations to protect. Access to restricted data must be strictly and individually controlled and logged. The release of such data has the potential to create major damage to the institution. (Such damage may be legal, academic [loss or alteration of intellectual property], financial, or intangible [loss of reputation]).
Employees should at a minimum apply the following safeguards as listed below. Information Technology staff who administer devices must follow the Minimum Security Baseline, per University Guideline ADG02.
|Passwords – never share your password and avoid writing it down in a location that can be accessed by others.||Passwords video
|Email – never send this information via email without first encrypting.||Email video
|Sharing – only share this information with trusted entities who have a need to know. When sharing, be sure to encrypt first or use a secure and approved method (check with your local IT staff).||Social engineering video
|Storing - store this data in approved locations only. If you are storing your data in a location that is not listed as a permissible storage location, check with your local IT staff to see if there is a better location.||Where data can be stored
|Mobile Devices - encrypt USB or external hard drives. Use a passcode on your mobile device. If you lose your mobile device or if it is stolen, report it to your local IT staff.||Mobile security video
|Physical Location - lock offices, cabinets and other areas where this data is stored either in paper or electronic format.||Physical security video
|Full suite of SANS videos are available on a variety of topics (all videos are less than 6 minutes)||Access the full suite of videos|