Security Frequently Asked Questions
1. What is the Protecting Private Data Standard?
The Protecting Private Data Standard, developed by University OIT Security, outlines the responsibility for private data and the steps that must be taken to ensure that the devices containing this data are secure.
2. What is the definition of private data?
According to the standard, private data is any data that does not fall within the definition of “public data” as defined by the Minnesota Data Practices Act, HIPAA, FERPA, GLBA or other applicable laws and University policies. Private data includes your University payroll data; research, medical, and human research subject data; creative output that is potentially copyrightable (e.g. manuscripts, artwork, research data, research materials); and most data about students and employees. University OIT Security provides examples at http://www.umn.edu/oit/security/privatedata.html
3. What is the purpose of the Protecting Private Data Standard?
During the last year, thousands of computers within the University were attacked, and the availability, integrity, and confidentiality of data on many computers were threatened or compromised. This standard outlines standard-practice improvements necessary to minimize or prevent future security incidents. These improvements are based on the consensus opinion of the IT security community.
4. Who is responsible for the security of my private data?
You, as the data owner, are ultimately responsible for the security of the private data on your computers and other devices. Your IT staff can help you with configuring your computers, using the practices outlined below. They can also assist you in periodically reviewing your computers’ security settings. IT staff secures computers, not data.
5. What security measures does this standard require?
The standard requires many common security practices such as using anti-virus software, patching operating systems, and establishing and regularly changing high-quality passwords. It also requires measures such as the regular use of encryption, physical access restrictions to computers, and security-event logging & analysis. For a more complete presentation of these measures, please see the CLA Security Roadmap.
6. What is a high-quality password and how does it protect my data?
A high-quality (strong) password generally consists of eight or more characters and includes a combination of upper- and lowercase letters, numbers, and special characters (!@#*). It is not a ‘dictionary’ word, a birthdate, a pet’s name, or any common word or phrase. A strong password is less likely to be compromised in cases where computer passwords are attacked.
7. How do frequent password changes protect my data?
Even with high technical security standards, unauthorized people still sometimes discover others’ passwords. In the event that your password is discovered, a password change removes the unauthorized access; frequent changes reduce the possibility that someone can impersonate you with an old discovered password.
8. My computer does not store private data; do I have to adhere to the standard?
At this time, the Protecting Private Data Standard applies only to computers containing private data; however, any networked computer can be used to access servers storing private data or, if compromised, to attack any other computer that holds private data. Therefore all computers benefit from the security requirements of the Standard, and the College strongly recommends that every computer meet the Standard’s requirements even if it does not store private data.
9. I do not currently use the CLA Novell servers. Does server-based data storage offer security benefits?
Using the servers to store data improves the availability of your data through storage redundancy, regular backups, and constant IT staff supervision. Regular backups also allow data integrity to be verified over time.
10. IT staff has recommended/discouraged the use of a program due to security concerns. Why is this important?
Many applications, especially web browsers and email clients, have security vulnerabilities that allow malicious people or programs to compromise the security of data on your computer. Your IT staff is frequently aware of new developments and vulnerabilities in commonly used programs, and may periodically recommend changes to how you use your computer. Following these recommendations preserves and enhances the security of your private data.
Please see the CLA Security Roadmap for a more complete discussion of these issues.
