search the site
NYU is entrusted with a large amount of sensitive data, such as Social Security Numbers, credit card numbers, student data, and financial data. There are laws and regulations that restrict the use of this type of data, with significant legal and monetary penalties for exposure to unauthorized parties. ITS has developed standards and processes to help you protect the data that is in your care.
The Data Classification Table was created by ITS's Technology Security Services (TSS) and adopted by the Data Protection Risk Analysis Task Force. For questions regarding its contents, please contact firstname.lastname@example.org.
- Secure Computers
- Classify Data
- Assessing Business Processes
- Review Data Storage and Collection
- Secure Sensitive Data
Regardless of the sensitive nature of the data you are storing, every computer accessing NYU's network and data, including laptops and home computers, should comply with the Basic System Security Standard, which requires system to have:
- A strong administrator password
- The latest operating system and application security updates
- Antivirus and anti-spyware software installed and up-to-date
- An activated firewall
For instructions on securing your computer and adhering to the Basic System Security Standard, visit the Getting Secure webpage.
Once you have secured all computers that access NYU resources, you must now begin the process of securing the data that resides on those computers. Before you begin the process of identifying and securing the data, review the ITS Data Classification table to understand the different categories of sensitive data and what is contained in each.
Step 1 — Assess Business Processes
In order to protect sensitive data, you will need to review all of your existing business processes that request or process sensitive data.
Step 2 — Review Data Storage and Collection
Once you have determined the business necessity for using and storing sensitive data, you should review the specifics of how and where your data is collected and stored. The following link will explain how to assess the storage and collection of sensitive data on local computer systems.
Step 3 — Secure Sensitive Data
Once you are aware of how sensitive data is collected and stored, you need to begin the process of securing it from unauthorized access or security breaches. The following link will explain technical and logistical means for securing different types of sensitive data.
For all questions pertaining to the data classification table, "Getting Secure" best practices, and securing data recommendations, please contact the Technology Security Services group at email@example.com.
Page last reviewed: August 10, 2011