Wednesday, January 23, 2008

Keeping user data private

This too has appeared in EDD Blog Online, and I believe that even if lawyers do not need it, their clients surely do.
I'm an IT administrator at a community college and am gearing up for the New Year. Many students have their social security numbers on file and also use their credit cards to pay for classes online. What approaches should I take to ensure others can't take this data and use it as their own?
My answer won't be the cure-all solution, but I am providing you with some tips that will assist you in working towards your goal.
Some of the basics you want to cover include, but are not limited to, the following:
* Using intrusion detection/monitoring for critical applications
* Encrypting the sensitive data
* Using secure firewall(s) and current configurations
* Knowing where the sensitive data resides
* Using a DMZ to protect the internal network from the external network
* Using strong authentication on equipment
* Using virus checking with current updates
* Limiting access to the data (access management)
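
One way to start on "knowing where the sensitive data resides" for the two data types in the question, as an added example that is not part of the original post: a small scanner that flags Social Security numbers and Luhn-valid card numbers in text and reports them masked. The patterns, function names, and sample records are constructed for illustration.

```python
import re

# SSN written as NNN-NN-NNNN; areas 000, 666 and 900-999, group 00 and
# serial 0000 are not valid SSNs, so they are excluded to cut false hits.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(value):
    """Keep only the last four digits so the report itself holds no secrets."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]

def find_sensitive(text):
    """Return (kind, line_number, masked_value) for each likely SSN or card."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            findings.append(("ssn", line_no, mask(m.group())))
        for m in CARD_RE.finditer(line):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.append(("card", line_no, mask(m.group())))
    return findings

# Constructed sample records (dummy SSN, standard test card number).
SAMPLE = "\n".join([
    "student_id=1001 name=Test Student ssn=123-45-6789",
    "card=4111 1111 1111 1111 exp=01/09",
    "order ref 1234 5678 9012 3456",   # 16 digits but fails Luhn: ignored
    "ssn=000-12-3456",                 # invalid area number: ignored
])

if __name__ == "__main__":
    for kind, line_no, value in find_sensitive(SAMPLE):
        print(f"line {line_no}: {kind} {value}")
```

Run over exports, logs, and shared folders, the findings give a list of locations to encrypt, restrict, or clean up.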
