Tip of the Month
Data security technology on its own is not enough to ensure an optimized balance of access and security. A data security methodology that can be utilized to help optimize data security processes and minimize impact on business operations consists of:
- Data classification
- Discovery of where sensitive data is located
- Applying security methods that best fit risk, data type, and use case
- Enforcing data security policy based on the principle of least privilege
- Monitoring access
ISACA Journal, Volume 6, 2014, Bridging the Gap Between Access and Security in Big Data
Education & Training
Risks are those uncertainties that we must understand and manage in order for each of us to execute strategies and achieve our objectives and goals. Limited resources must be applied in a manner that achieves our strategic objectives and manages the risks that may stand in the way of that achievement. This is the domain of Enterprise Risk Management (ERM). The foundation for any ERM program is the COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM Framework, which may be viewed at the following site.
Internal Audit Staff are available at your request to provide training on internal controls, proper segregation of duties, information system internal controls, etc. Please contact the Internal Audit Office, email@example.com or firstname.lastname@example.org to discuss your training needs. The training agenda will be coordinated with you to ensure your training objectives are met.
Thefts may result from internal misappropriations or external events such as a robbery. Always remember that unnecessary risk should never be taken -- items in homes, offices, cars, etc. can be replaced. You can't!
Guidelines in the Event of Suspected Internal Theft
The responsibility for protecting University assets is shared by everyone. It is your responsibility to report suspected theft, negligence, misappropriations or carelessness to your Supervisor, Internal Audit, or Campus Police. Be alert and recognize control weaknesses that could result in a loss to the University. It is always better to prevent a loss than to recover one.
Guidelines in the Event of a Robbery
For detailed guidelines refer to the Purdue University Cash Handling Manual. A copy of this document should be on file with your Business Office or may be obtained from the Manager of University Collections. Remember that unnecessary risk should never be taken.
Remain calm and call 911 as soon as possible.
The "do's" for defusing situations are (1) do have a plan, (2) do be aware of warning signals, (3) do intervene early, and (4) do use calming techniques. The "don'ts" to remember are (1) don't sacrifice yourself for things, (2) don't put your hand unexpectedly on a disturbed or upset person, (3) don't challenge, dare, argue, or threaten the person, and (4) don't use derogatory terms or talk as if he/she isn't there.