The University of Hawai\u02bbi System encompasses 10 accredited campuses and additional education, training, and research centers on six islands throughout the State of Hawai\u02bbi. This highly decentralized and complex organization is dedicated to the highest standards of scholarship and service, which requires an open flow of information and communication.<\/p>\n
Unfortunately, over the last decade, the emergence of increasing abuse by criminals of personal information used by universities, such as social security numbers and credit card or other banking information, has challenged the decentralized culture of free flow of information. In today\u2019s world, access to personal information must be restricted to uses where it is necessary and close guarded wherever it is stored or used. Those individuals whose personal information has been entrusted to the University deserve no less.<\/p>\n
While information security has long been the responsibility of each campus, as of 2011 the University leadership has committed to establishing and resourcing a new system-wide information security program. This approach is more cost-effective and comprehensive than is possible by continuing the decentralized approach that has been in use.<\/p>\n
The University of Hawai\u02bbi Information Security Program is composed of the following strategic areas:<\/p>\n
Additionally, the University has established an Information Security Governance Structure. This leadership group is tasked with ensuring that all information security policies, procedures and other initiatives are implemented and maintained within their authorities. It is composed of senior campus administrators (appointed by their Chancellors) and IT Security Leads (technology support staff designated by their campus leadership or dean\/director). This leadership group meets each semester and once during summer. <\/p>\n
Protecting Personally Identifiable Information (PII) is everyone’s responsibility at the University of Hawai\u02bbi. Understanding what PII is and how to protect it is extremely important to ensuring that the data does not get into the wrong hands or inadvertently exposed. If you suspect that data has been exposed, or someone is inappropriately handling sensitive information, please report it at infosec@hawaii.edu<\/a> (or see Report Security Issues or Incidents<\/a>).<\/p>\n <\/p>\n <\/p>\n E2.215 Institutional Data Governance <\/i><\/a> \u2014 Established to provide principles governing the management and use of data and information at the University, including, but not limited to, the collection and creation, privacy and security, and integrity and quality of that data and information. <\/p>\n E2.214 Data Classification Categories <\/i><\/a> \u2014 Established to organize Â鶹´«Ã½Institutional Data into data classification categories based on the different levels of security risk and penalties that may result from the inadvertent exposure and inappropriate disclosure of those data. The categories are: Public, Restricted, Sensitive, and Regulated.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n If at any point you handle or view any sensitive data or regulated data, you must acknowledge the online General Confidentiality Notice, found at https:\/\/www.hawaii.edu\/its\/acer\/ <\/i><\/a>. The general confidentiality notice identifies the types of information that is considered sensitive and confidential (note that it is not exhaustive). The document also identifies the responsibilities of people who have access to sensitive information.<\/p>\n You should also take the Information Security Awareness Training found in Laulima. This brief course goes over various topics, such as data breaches, securing information, and policy. A link to the Security Awareness Training could be found here: https:\/\/www.hawaii.edu\/infosec\/training\/<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n According to Â鶹´«Ã½<\/span> Revised Statutes (HRS) 487N-7, any personal information system (regardless if it is paper-based or electronic) needs to be reported. For the University of Â鶹´«Ã½<\/span>, this information needs to be reported in the Personal Information Survey site <\/i><\/a>. This information survey MUST be reviewed and updated yearly.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n If you are hosting a server on the University of Â鶹´«Ã½<\/span> network (regardless if it is behind a firewall) MUST be registered on the Server Registration site <\/i><\/a>. In addition to registering your server, it must be scanned for vulnerabilities and sensitive information yearly. More information on this requirement can be found here: https:\/\/hawaii.edu\/askus\/1312 <\/i><\/a>. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n