Skip to Navigation | Skip to Content

Data Security - Is IT secure?

about getsecure isitsecure documents services contact

search the site

did you know?

  • TSS can discuss security precautions and explain how to implement security policies within your department.
    Find out more >>
  • Handling restricted data? We can assist your dept. with securing restricted data and offer strong security recommendations for free.
    Request assistance >>

Overview

NYU is committed to ensuring the privacy & proper handling of sensitive data. This sensitive data, can include Social Security numbers, credit card numbers, student and financial data. There are laws and regulations which restrict the use of this type of data, with significant legal and monetary penalties for exposure to unauthorized parties. In keeping with these laws, ITS has developed the following standards and processes to help you better protect sensitive data.


Secure Computers

Regardless of the sensitivity of NYU data, every computer accessing NYU's network and data, including laptops and home computers, should adhere to TSS's "Top Ten" Computer Security Best Practices.

Getting Secure >>>


Classify Data

Once you have secured all computers that access NYU resources, you must now begin the process of securing the data that resides on those computers. Before you begin the process of identifying and securing the data, review the ITS Data Classification table to understand the different categories of sensitive data.

Data Classification Table >>>

This Data Classification Table was created by ITS's Technology Security Services (TSS) and adopted by the Data Protection Risk Analysis Task Force. For questions regarding its contents, please write to security@nyu.edu.






Step 1 - Assess Business Processes

In order to protect sensitive data, you need to examine your existing business processes. To do this, you will need to review all of your existing business processes which request or process sensitive data in order to assess the state of data security.

Assess Business Process >>>


Step 2 - Review Data Storage and Collection

Once you have determined the business necessity for using and storing sensitive data, you should review the specifics of how and where your data is collected and stored. The following link will explain how to assess the storage and collection of sensitive data on local computer systems.

Review Data Storage and Collection >>>


Step 3 - Secure Sensitive Data

Once you are aware of how sensitive data is collected and stored, you need to begin the process of securing it from unauthorized access or security breaches. The following link will explain technical and logistical means for securing different types of sensitive data.

Secure Sensitive Data >>>




Contact

For all questions pertaining to the data classification table, "Getting Secure" best practices, and securing data recommendations, please contact the Technology Security Services group at security@nyu.edu.



Page last reviewed: Aug 14th, 2009