|
Division of IT: Security
MU Data Classification System Questions & Answers
How can I meet the DCS requirements?
First, the server storing your data must be properly registered and classified by the IT Professional for your department. Second, the system administrator must verify that the server is located in the correct network security zone and that the server is managed according to the security requirements corresponding with the data level. Finally, all users and administrators of the system should complete Division of IT Security Awareness training.
How does the DCS help me?
The DCS helps you identify and properly manage sensitive data and data that is protected by legal regulations. Classifying your data also helps the Division of IT respond effectively to potential security incidents, which may save your department time and money.
Where does my data fit?
- Level 1: advertising, product and service information, directory information, published research, presentations or papers given at conferences, job postings, press releases
- Level 2: student records, employee records (such as performance evaluations), budget and salary information, departmental policies and procedures, procurement documentation, email, voicemail, instant messages, memos, research that has not be completed or published, vendor documentation, contracts
- Level 3: e-commerce data, medical records, non-disclosure agreements, confidential research, Social Security Numbers
The examples are meant to show how common data types may be classified. However, depending on the topic or focus of the data, the classification may be different from what is shown above. If you have questions about how to classify your data, contact the Division of IT Information Security and Account Management group at isam@missouri.edu.
Do I have to move my server to the MU Data Center?
Some network security zones are only available in the MU Data Center; however, departments may be able to to secure their network in a comparable manner. Data center servers containing level 2 or level 3 data must be protected by a Division of IT firewall. For more information on firewalls, use the Network consulting request form.
What is the purpose of the confidentiality agreement?
The confidentiality agreement is intended to ensure that users accessing sensitive data understand their responsibilities.
How does the Division of IT monitor compliance with the DCS?
Systems storing level 2 and level 3 data will be audited on a yearly basis to ensure compliance with the DCS and applicable legal regulations. Audits will be scheduled with departmental IT pros and/or system owners.
What do I do if I must keep sensitive data on my workstation?
If you have a legitimate need to store sensitive data on a workstation or laptop, you must meet the security requirements for the data level, including comparable, network-based security.
Who can I contact for help?
If you have any questions or concerns you can contact the Division of IT Information Security and Account Management group at isam@missouri.edu.
|
