Section content mobile menu toggleSection Content

Information Security at the University of Hawai‘i

CampFIRE Cyber Security Challenge

Join UH for a jeopardy-style Capture the Flag featuring real-life cyber attacks infographic

Join your fellow cyber security professionals and aspiring professionals (college students) for CampFIRE: a Capture The Flag (CTF) that will challenge your Forensics, Incident response, and Reverse Engineering skills. Challenges are based on real-life attacks at UH and day-to-day operational cyber security tasks. CampFIRE will be held at the University of Hawaii Information Technology Center on the UH Manoa campus. Participation is capped at 60 people, so register today at https://www.hawaii.edu/infosec/campfire/

CampFIRE participants are also invited to be mentors to assist and guide high school students for their CampFIRE event on Wednesday, January 3, 2018 at Honolulu Community College. If you have any questions, please send them to: tech-conf@lists.hawaii.edu



Keeping Personally Identifiable Information Private @ UH

Protecting Personally Identifiable Information (PII) is everyone's responsibility at the University of Hawai‘i. Understanding what PII is and how to protect it is extremely important to ensuring that the data does not get into the wrong hands or inadvertently exposed. If you suspect that data has been exposed, or someone is inappropriately handling sensitive information, please report it at infosec@hawaii.edu (or see Report Security Issues or Incidents.

What is Personally Identifiable Information?

Personally Identifiable Information (PII) is the type of information that needs to be protected because the inadvertent disclosure or inappropriate access requires a breach notification or is subject to financial fines. Information such as Social Security Numbers, Driver's License numbers or Hawai‘i Identification Card numbers, Financial Account numbers, PCI-DSS information, and Health information, including anything covered by the Health Insurance Portability and Accountability Act (HIPAA) are categorized as "Regulated" by the University of Hawai‘i.

New University Data Governance and Data Classification Policies (Coming soon)

E2.215 Institutional Data Governance - Established to provide principles governing the management and use of data and information at the University, including, but not limited to, the collection and creation, privacy and security, and integrity and quality of that data and information.

E2.214 Data Classification Categories - Established to organize UH Institutional Data into data classification categories based on the different levels of security risk and penalties that may result from the inadvertent exposure and inappropriate disclosure of those data. The categories are: Public, Restricted, Sensitive, and Regulated.

New University HIPAA Policy and HIPAA Compliance Officer

JT Ash, the University of Hawai‘i HIPAA Compliance Officer can be reached at jtash@hawaii.edu or (808) 956-7241.

The UH HIPAA Policy can be found here: http://www.hawaii.edu/policy/e2.217 Additional UH resources and training could be found on the HIPAA page here: https://www.hawaii.edu/infosec/hipaa/

Do you handle PII, "UH Sensitive", or "UH Regulated" data?

If at any point you handle or view any sensitive data or regulated data, you must acknowledge the online General Confidentiality Notice, found at https://www.hawaii.edu/its/acer/. The general confidentiality notice identifies the types of information that is considered sensitive and confidential (note that it is not exhaustive). The document also identifies the responsibilities of people who have access to sensitive information.

You should also take the Information Security Awareness Training found in Laulima. This brief course goes over various topics, such as data breaches, securing information, and policy. A link to the Security Awareness Training could be found here: https://www.hawaii.edu/infosec/training/.

Do you store "UH Regulated" data electronically or in paper format?

According to Hawai‘i Revised Statutes (HRS) 487N-7, any personal information system (regardless if it is paper-based or electronic) needs to be reported. For the University of Hawai‘i, this information needs to be reported in the Personal Information Survey site. This information survey MUST be reviewed and updated yearly.

Are you responsible for a server running on the UH Network?

If you are hosting a server on the University of Hawai‘i network (regardless if it is behind a firewall) MUST be registered on the Server Registration site. In addition to registering your server, it must be scanned for vulnerabilities and sensitive information yearly. More information on this requirement can be found here: https://hawaii.edu/askus/1312.

Information Security is ALL OUR Responsibility

Remember: Everyone is responsible for the privacy of sensitive information. This task should not be left for one person to accomplish. It requires everyone's understanding and participation to be effective. Everyone should know and understand the procedures of securing data at the University of Hawai‘i.

If you collect it, protect it. Create a culture of privacy in your organization infographic

Source: STOP. THINK. CONNECT. privacy is good for business infographic


US-CERT Vulnerability Alerts

The United States Computer Emergency Readiness Team (US-CERT) provides the latest updates about current threats and vulnerabilities. You can subscribe to their feed to get the latest updates about ongoing vulnerabilities and other cyber threats.

Visit https://www.us-cert.gov/ to learn more.


Don't Fall for Phishing:
Stop. Examine. Ask. Report.
S.E.A.R. the Phish

SEAR the Phish Logo
SEAR the Phish

Stay Informed! Follow us and like us:

Twitter Logo Twitter     Facebook Logo  Facebook