Securing and Protecting Citizens' Data

J. Rick Mihalevich Dean of Information Technology Linn State Technical College [email protected] 573.897.5129 June 18, 2009


Transcript of Securing and Protecting Citizens' Data

Page 1: Securing and Protecting Citizens' Data

J. Rick Mihalevich
Dean of Information Technology
Linn State Technical College
[email protected]
573.897.5129
June 18, 2009

Page 2: Securing and Protecting Citizens' Data

Provide awareness of the need
Provide awareness of the major laws that impact public entities
Provide information on best practices, technology, and trends
Provide resources for further information

Page 3: Securing and Protecting Citizens' Data

Open
Accessible
Transparent
Accountable

Page 4: Securing and Protecting Citizens' Data

LSTC currently utilizes XXXXXX to provide data XXXXXX processes which impacts approximately XXXXXX blocked attacks daily.

XXXXXXX manages a XXXX XXXX router at the gateway

LSTC utilizes XXXXXX Firewall

The DMZ is attached to a XXXXXXX appliance.

All packets are inspected by XXXXXX and XXXX security software is used to protect against XXXXXX attacks.

Page 5: Securing and Protecting Citizens' Data

Examples of Compromised Data

2006: Data on 26.5 million veterans was compromised when a laptop was stolen

2007: The Inspector General for Tax Administration found that 490 laptops containing sensitive taxpayer data had been lost or stolen

2006: Employee information at the Department of Agriculture was compromised by unauthorized access

Page 6: Securing and Protecting Citizens' Data

FERPA: Family Educational Rights and Privacy Act
HIPAA: Health Insurance Portability and Accountability Act
GLB: Gramm-Leach-Bliley Act
The Privacy Act
E-Government Act
FISMA: The Federal Information Security Management Act

Page 7: Securing and Protecting Citizens' Data

Conclusion #1: LSTC Infrastructure
◦ Security by Obscurity

Conclusion #2: Examples of Compromised Data
◦ Employees may pose the greatest risk

Conclusion #3: Public Laws
◦ Balance between openness and security

Public Trust
Restricting access, in the name of security, is no vice

Page 9: Securing and Protecting Citizens' Data

Pass Phrase
Thumb drive encryption
Encryption of laptops
Virtual Private Networks (VPNs)
Touchpad security
Effective patch management

Page 10: Securing and Protecting Citizens' Data

Security officer
Security by Obscurity
Not using SSN
Training and awareness
Change passwords frequently (Strong)
Don’t click on e-mail links

Page 12: Securing and Protecting Citizens' Data

www.cybersecurity.mo.gov
www.msisac.org
Department of Homeland Security
National Governors Association Center for Best Practices
National Association of Chief Information Officers
Governmental Accountability Office

Page 18: Securing and Protecting Citizens' Data

Principles of openness, accuracy, transparency and accountability

How would you like your personal information handled
fairly and lawfully process it
process it only for limited, specifically stated purposes
use the information in a way that is adequate, relevant and not excessive
use the information accurately
keep the information on file no longer than absolutely necessary
process the information in accordance with your legal rights
keep the information secure
never transfer the information outside

Page 19: Securing and Protecting Citizens' Data

ethnic background
political opinions
religious beliefs
health
sexual life
criminal history