Information Security at the University of Hawaii
CampFIRE Cyber Security Challenge
Join your fellow cyber security professionals and aspiring professionals (college students) for CampFIRE: a Capture The Flag (CTF) that will challenge your Forensics, Incident response, and Reverse Engineering skills. Challenges are based on real-life attacks at UH and day-to-day operational cyber security tasks. CampFIRE will be held at the University of Hawaii Information Technology Center on the UH Manoa campus. Participation is capped at 60 people, so register today at https://www.hawaii.edu/infosec/campfire/
CampFIRE participants are also invited to be mentors to assist and guide high school students for their CampFIRE event on Wednesday, January 3, 2018 at Honolulu Community College. If you have any questions, please send them to: firstname.lastname@example.org
Keeping Personally Identifiable Information Private @ UH
Protecting Personally Identifiable Information (PII) is everyone's responsibility at the University of Hawaii. Understanding what PII is and how to protect it is extremely important to ensuring that the data does not get into the wrong hands or become inadvertently exposed. If you suspect that data has been exposed, or someone is inappropriately handling sensitive information, please report it at email@example.com (or see Report Security Issues or Incidents).
What is Personally Identifiable Information?
Personally Identifiable Information (PII) is the type of information that needs to be protected because its inadvertent disclosure or inappropriate access requires a breach notification or is subject to financial fines. Information such as Social Security Numbers, Driver's License numbers or Hawaii Identification Card numbers, Financial Account numbers, PCI-DSS information, and Health information, including anything covered by the Health Insurance Portability and Accountability Act (HIPAA), is categorized as "Regulated" by the University of Hawaii.
New University Data Governance and Data Classification Policies (Coming soon)
E2.215 Institutional Data Governance - Established to provide principles governing the management and use of data and information at the University, including, but not limited to, the collection and creation, privacy and security, and integrity and quality of that data and information.
E2.214 Data Classification Categories - Established to organize UH Institutional Data into data classification categories based on the different levels of security risk and penalties that may result from the inadvertent exposure and inappropriate disclosure of those data. The categories are: Public, Restricted, Sensitive, and Regulated.
New University HIPAA Policy and HIPAA Compliance Officer
JT Ash, the University of Hawaii HIPAA Compliance Officer, can be reached at firstname.lastname@example.org or (808) 956-7241.
Do you handle PII, "UH Sensitive", or "UH Regulated" data?
If at any point you handle or view any sensitive data or regulated data, you must acknowledge the online General Confidentiality Notice, found at https://www.hawaii.edu/its/acer/. The General Confidentiality Notice identifies the types of information that are considered sensitive and confidential (note that it is not exhaustive). The document also identifies the responsibilities of people who have access to sensitive information.
You should also take the Information Security Awareness Training found in Laulima. This brief course goes over various topics, such as data breaches, securing information, and policy. A link to the Security Awareness Training can be found here: https://www.hawaii.edu/infosec/training/.
Do you store "UH Regulated" data electronically or in paper format?
According to Hawaii Revised Statutes (HRS) 487N-7, any personal information system (regardless of whether it is paper-based or electronic) needs to be reported. For the University of Hawaii, this information needs to be reported in the Personal Information Survey site. This information survey MUST be reviewed and updated yearly.
Are you responsible for a server running on the UH Network?
If you are hosting a server on the University of Hawaii network (regardless of whether it is behind a firewall), it MUST be registered on the Server Registration site. In addition to registering your server, it must be scanned for vulnerabilities and sensitive information yearly. More information on this requirement can be found here: https://hawaii.edu/askus/1312.
Information Security is ALL OUR Responsibility
Remember: Everyone is responsible for the privacy of sensitive information. This task should not be left for one person to accomplish. It requires everyone's understanding and participation to be effective. Everyone should know and understand the procedures for securing data at the University of Hawaii.
Source: STOP. THINK. CONNECT. privacy is good for business infographic
US-CERT Vulnerability Alerts
The United States Computer Emergency Readiness Team (US-CERT) provides the latest updates about current threats and vulnerabilities. You can subscribe to their feed to get the latest updates about ongoing vulnerabilities and other cyber threats.
Visit https://www.us-cert.gov/ to learn more.
Don't Fall for Phishing:
Stop. Examine. Ask. Report.
S.E.A.R. the Phish