The Confidentiality Requirement For An Information Collection

Princeton University possesses information that is sensitive and valuable, including personally identifiable information, financial data, building plans, research, and other information considered sensitive. Some information is protected by federal and state laws or contractual obligations that prohibit its unauthorized use or disclosure. The exposure of sensitive information to unauthorized individuals could cause irreparable harm to the University or members of the University community, and could also subject the University to fines or other government sanctions. Additionally, if University information were tampered with or made unavailable, it could impair the University’s ability to do business.

Information sensitivity levels

Information Guardians are responsible for assessing the security requirements for each of their assigned information collections across three areas of concern: confidentiality, integrity and availability. To facilitate the assessment process and ensure that these requirements are expressed in a consistent manner across the University, Information Guardians should categorize their information collections using the levels described in this section.

The confidentiality requirement for an information collection will be expressed in the following terms:

• “Public” information can be freely shared with individuals on or off campus without any further authorization by the appropriate Information Guardian/designee.
• “Internal” information can be freely shared with members of the University community. Sharing such information with individuals outside of the University community requires authorization by the appropriate Information Guardian/designee.
• “Departmental” information can be freely shared with members of the own...

... middle of paper ...

... sticky note under the keyboard. The committee conducting the risk assessment and developing the security policy will need to define appropriate consequences to encourage users to maintain password security.
• Open Network shares
  o Central to the client/server schema is sharing information located on the network with users who need it. Access to a share can be restricted by using access control lists. This requires users to authenticate before access to a share is granted. Unprotected network shares make data stored on that share vulnerable to theft, corruption or virus infection.
  o Network shares configured for remote access are often targeted by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Windows machines have been used as intermediaries in various types of denial of service attacks for years.
