Skip to end of metadata
Go to start of metadata

Prev Meeting | Next Meeting

Protection of Sensitive Information during Transmission (ITransmit)

Protection of Sensitive Information during Transmission (ITransmit) is developing recommendations for policy and guidelines that complement and extend the previous initiative that addressed Storage and Encryption of Sensitive Information (IEncrypt).

Tuesday, May 31, 2011, Rm 2281 CS

  1. Agenda Review

  2. Background
    See: ITransmit

  3. IT Policy Process
    Handout: IT Policy Program
    See also: examples of previous initiatives: IEncrypt, IReport, IAccess, SLiM, POD

  4. Charter Review
    Handout: ITransmit Charter
    See also, examples of recommendation documents: IEncrypt Recommendations, IReport Recommendations

    Action: Please review and comment on charter by June 21st.

  5. Tentative plan for developing recommendations
    1. Brainstorming
    2. Review initial draft of recommendations
    3. Continue reviewing drafts
    4. ...
    5. Final review of recommendations, and preparation for meeting with the CIO
    6. Meet with CIO to present and discuss recommendations
    7. Consider further steps

  6. Brainstorming (partial, will continue next meeting)

    Issues identified so far

    Raw flip chart notes

    Possible categories of issues

    Tranmission – sometimes too focused on encryption, rather than limiting transmission and distribution.

    [tools and solutions] [scope]

    Relationship between ITransmit and IEncrypt.

    [policy and guidelines]

    "Free" certificates enable encryption.

    [tools and solutions]

    WiscVPN enables encryption.

    [tools and solutions]

    Is this about "Public Networks"?

    [scope] [use cases]

    UW-Madison to UW-Madison transmission only, or UW-Madison to third party also? Where is the border?

    [scope]

    Types of Sensitive Information.
    * PCI
    * FERPA
    * Human Subjects
    * etc...

    [scope] [use cases]

    Policy vs. Guidelines.

    [policy and guidelines]

    Awareness.

    [communications]

    Training.

    [communications]

    Person to Person (e.g. email) vs. Person to Entity (web sites).

    [use cases]

    Personal conduct/practice.

    [communications]

    Repository of information needed by external users.

    [tools and solutions] [use cases]

    Mobile devices.

    [scope] [use cases]

    Windows shares, samba, SQLNet, etc.

    [scope] [use cases]

    Encryptions hides problems (e.g. can't scan for viruses.)

    [use cases] [communications]

Future Meetings:

No files shared here yet.

Contact

  • No labels