
FAQs

  1. When will Phase II begin?
  2. What will be required in Phase II?
  3. What type of information is on the Data Classification?
  4. When will the Data Classification be available?
  5. What types of computers are required to be scanned?
  6. Is VMware an approved method that meets governing laws and regulations?
  7. What is considered to be sensitive information?
  8. Will centralized funding be available to implement additional security measures as identified by the Data Classification Scheme?
  1. When will Phase II begin?
    A: IPAS has already started to raise awareness regarding Phase II initiatives via the ITS Road Show, and will be presenting at other venues such as the Web Conference and User Services Conference. If you would like the IPAS team to meet with your area, please contact us at 814.867.1340.

  2. What will be required in Phase II?
    A: Phase II will focus on the Data Classification Scheme; however, many of the requirements in the scheme are very similar, if not identical, to those in the Payment Card Industry Data Security Standards (PCI DSS).

  3. What type of information is on the Data Classification?
    A: There are two primary classifications of systems and networks: public and non-public. In addition, there are three primary classifications of data: public, internal/controlled and restricted. Visit the Data Classification Scheme page for additional information.

  4. When will the Data Classification be available?
    A: The Data Classification is in draft form and is being reviewed by University committees.

  5. What types of computers are required to be scanned?
    A: In the early phases of scanning, University-owned computers in University facilities will need to be scanned.

  6. Is VMware an approved method that meets governing laws and regulations?
    A: If properly implemented with use of the ACE security client, VMware can be used on servers or desktops. For additional information on the VMware criteria, please contact IPAS.

  7. What is considered to be sensitive information?
    A: Sensitive information includes Social Security Numbers (SSNs), driver's license numbers, Personally Identifiable Health Information (PHI), salary and tax information related to individuals, details of University budgets, tenure or promotion information, staff employee review information, password or other system access control information, human subject information, admission and financial aid information, and donor information, to name a few.

  8. What centralized resources are available to assist units in meeting the Data Classification Security Requirements?
    A: The University has acquired a site license for Proventsure's Governance and Compliance Platform tools to scan computers for sensitive information. This software is available at no cost.

Utimaco Safeware encryption tools for full disk and removable media will be available to departments at a site license rate.

Information Technology Services, Security Operations and Services will conduct web application, vulnerability, and Personally Identifiable Information (PII) scans upon request.

The IPAS team is available to consult with your unit on other options and resources.

Records Management staff are available to advise on document retention and destruction policies.

 

 

Privacy and Legal Statements | Copyright 2007 The Pennsylvania State University | Contact Us