Saturday, March 30, 2013

Confidential Vs. Sensitive

This week in my Information Security class one of our assignments was to come up with definitions of confidential and sensitive information and list some examples.  I guess I never looked at them as falling in two different categories until now.  So today, since I work at a university, I will be showing you all the difference between confidential and sensitive data within a university setting along with examples.

Confidential Data  is stated to be institutional data for which there is a legal obligation not to disclose. These data elements require the highest levels of restriction due to the risk or harm that will result from disclosure or inappropriate use.

Eamples:
  • All federally protected data
  • Social Security and credit card numbers

Sensitive Data is stated to be institutional data that is not legally protected, but should not be made public and should only be disclosed under limited circumstances. Users must be granted specific authorization to access since the data's unauthorized disclosure, alteration, or destruction may cause perceivable damage to the institution.

Examples:
  • All information identifiable to an individual (including students, staff, faculty, trustees, donors, and alumni), including but not limited to dates of birth, driver's license numbers, employee and student ID numbers, license plate numbers, and compensation information.


 
References

Sensitive vs Confidential. (n.d.). GHSU | Georgia Health Sciences University. Retrieved March 30, 2013, from http://www.georgiahealth.edu/faculty/orientation/itss/Sensitive.html
Posted by at No comments:

Monday, March 25, 2013

Information Security

Hello All!!!

Since I am new to blogging and Information Security, I decided this week that I would discuss what Information Security is. 

Based on the definition from Wikipedia,

"Information security (sometimes shortened to InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)".
Being that I am working on MS in Management Information Systems with a concentration in Cybersecurity IT security is the area that I am planning on moving my career into.  IT Security is basically information security that is applied to technology and most of the time security for some form of computer system. 
I am looking forward to learning more about Information Security and sharing with all of you!
Posted by at No comments:

Wednesday, March 13, 2013

New IT Security Blogger

Hello Everyone!
I am new to the blogging world in general and new to the Security world.  I am currently a Technology Support Analyst at a University in North Carolina.  I am obtaining my Master Degree (MS) in Management Information Systems with a concentration in Cybersecurity.  I will receive my degree later on this year!!!  I would eventually like to change my career to a security position in IT and also teach college level courses after completion.   
I’m open to advice and excited about learning new/different things about IT security.  I am looking forward to sharing security stories with you all throughout the year!
Posted by at No comments:
Subscribe to: Posts (Atom)