Skip to Navigation | Skip to Content

Data Security: Is It Secure?

about getsecure isitsecure getsecure documents contact

search the site

did you know?

  • TSS can discuss security precautions and explain how to implement security policies within your department.
    Find out more >>
  • Handling restricted data? We can assist your department with securing restricted data and offer strong security recommendations for free.
    Request assistance >>


NYU is entrusted with a large amount of sensitive data, such as Social Security Numbers, credit card numbers, student data, and financial data. There are laws and regulations that restrict the use of this type of data, with significant legal and monetary penalties for exposure to unauthorized parties. NYU IT has developed standards and processes to help you protect the data that is in your care.

The Data Classification Table was created by NYU IT's Technology Security Services (TSS) and adopted by the Data Protection Risk Analysis Task Force. For questions regarding its contents, please contact

Secure Computers

Regardless of the sensitive nature of the data you are storing, every computer accessing NYU's network and data, including laptops and home computers, should comply with the Basic System Security Standard, which requires system to have:

  1. A strong administrator password
  2. The latest operating system and application security updates
  3. Antivirus and anti-spyware software installed and up-to-date
  4. An activated firewall

For instructions on securing your computer and adhering to the Basic System Security Standard, visit the Getting Secure webpage.

Classify Data

Once you have secured all computers that access NYU resources, you must now begin the process of securing the data that resides on those computers. Before you begin the process of identifying and securing the data, review the NYU IT Data Classification table to understand the different categories of sensitive data and what is contained in each.

Data Classification Table >>>

Step 1 — Assess Business Processes

In order to protect sensitive data, you will need to review all of your existing business processes that request or process sensitive data.

Assess Business Process >>>

Step 2 — Review Data Storage and Collection

Once you have determined the business necessity for using and storing sensitive data, you should review the specifics of how and where your data is collected and stored. The following link will explain how to assess the storage and collection of sensitive data on local computer systems.

Review Data Storage and Collection >>>

Step 3 — Secure Sensitive Data

Once you are aware of how sensitive data is collected and stored, you need to begin the process of securing it from unauthorized access or security breaches. The following link will explain technical and logistical means for securing different types of sensitive data.

Secure Sensitive Data >>>


For all questions pertaining to the data classification table, "Getting Secure" best practices, and securing data recommendations, please contact the Technology Security Services group at

Page last reviewed: July 1, 2015