Monday, November 16, 2009

Security and Personnel: Week 11

What actions can each person in an organisation take to minimize the risk of identity theft? Discuss and generate a list of concrete actions each student can take to control this risk at UB. How do you think the Information Security department at UB is structured? You don't need to know the correct answer to this, but based on your understanding of UB's size and the types of information it needs to secure, what roles do you imagine exist here?

There are several ways in which the risk of identity theft can be minimized. These are as follows:
- Documents containing personal information should be disposed of through a shredding device.

- Physical business records, such as customer records and other data on paper, should be stored in locking filing cabinets. The cabinets should be locked at night, or at those times during the day when the area is not being “supervised”, such as during lunch time.

- It’s easy for someone to pretend to be someone they’re not on the phone. Whether it’s someone who wants personal information on a particular customer, or someone who claims they need to verify some personal accounts, information over the phone should not be given out unless one can positively confirm the caller’s identity.

- Computer networks need to be password protected, so that anyone who wanders through the office cannot access the network. The issues of internal network access should also be considered. Programs or databases that may contain sensitive information should be password protected, with access granted on a “need-to-know” basis, to help cut down identity theft.

- Avoid broadcasting information

- Disconnect ex-employees immediately

A list of actions that students at UB can take to prevent identity theft is:
- Change their passwords frequently
- When accessing computer labs after hours, make sure that people do not tailgate
- Not leave computers on and unattended
- Report lost student IDs immediately
- Not give sensitive information out to just anybody; always ask why that information is required

The University of Ballarat is a relatively small university compared to many other universities in Australia. The structure of the Information Security department would be the same as at any university, but on a much smaller scale. For an Information Security department to work smoothly, there are several functions that need to be fulfilled. They are:

- IT function:
This includes the management of networks, software updates/deployment, internet and intranet, and helpdesk facilities. A security technician/consultant sits in the library to help students with their computer issues. There is also an Information Security officer who updates information about security on the university homepage.

- Physical Security:
This includes checking every night that the areas with computers are secure. The university has security guards who perform rounds of all areas in the uni with computers and make sure that everything is locked up every single night.

- Administrative Services:
This function covers purchasing hardware and software for the university's use, purchasing/renewing licenses, etc.

