search the site
- Secure Computers
- Classify Data
- Assessing Business Processes
- Review Data Storage and Collection
- Secure Sensitive Data
NYU is committed to ensuring the privacy & proper handling of sensitive data. This sensitive data, can include Social Security numbers, credit card numbers, student and financial data. There are laws and regulations which restrict the use of this type of data, with significant legal and monetary penalties for exposure to unauthorized parties. In keeping with these laws, ITS has developed the following standards and processes to help you better protect sensitive data.
Regardless of the sensitivity of NYU data, every computer accessing NYU's network and data, including laptops and home computers, should adhere to TSS's "Top Ten" Computer Security Best Practices.
Once you have secured all computers that access NYU resources, you must now begin the process of securing the data that resides on those computers. Before you begin the process of identifying and securing the data, review the ITS Data Classification table to understand the different categories of sensitive data.
This Data Classification Table was created by ITS's Technology Security Services (TSS) and adopted by the Data Protection Risk Analysis Task Force. For questions regarding its contents, please write to firstname.lastname@example.org.
Step 1 - Assess Business Processes
In order to protect sensitive data, you need to examine your existing business processes. To do this, you will need to review all of your existing business processes which request or process sensitive data in order to assess the state of data security.
Step 2 - Review Data Storage and Collection
Once you have determined the business necessity for using and storing sensitive data, you should review the specifics of how and where your data is collected and stored. The following link will explain how to assess the storage and collection of sensitive data on local computer systems.
Step 3 - Secure Sensitive Data
Once you are aware of how sensitive data is collected and stored, you need to begin the process of securing it from unauthorized access or security breaches. The following link will explain technical and logistical means for securing different types of sensitive data.
For all questions pertaining to the data classification table, "Getting Secure" best practices, and securing data recommendations, please contact the Technology Security Services group at email@example.com.
Page last reviewed: Aug 14th, 2009