{"id":1055,"date":"2017-09-26T14:11:31","date_gmt":"2017-09-26T19:11:31","guid":{"rendered":"http:\/\/sites.augsburg.edu\/it\/?page_id=1055"},"modified":"2026-01-26T09:55:49","modified_gmt":"2026-01-26T15:55:49","slug":"information-security-program","status":"publish","type":"page","link":"https:\/\/sites.augsburg.edu\/it\/policies\/information-security-program\/","title":{"rendered":"Information Security Program"},"content":{"rendered":"<p>The protection of the private information of Augsburg community members is of critical importance to the IT Department. \u00a0The three components below describe in broad terms how the institution is protecting that private information. \u00a0In addition, this program ensures compliance with Title IV financial aid requirements for protecting student financial aid information.<\/p>\n<p>Augsburg is taking three main approaches<\/p>\n<ol>\n<li>Defining<\/li>\n<li>Protecting<\/li>\n<li>Educating<\/li>\n<\/ol>\n<h2>Defining<\/h2>\n<p>Through a <a href=\"https:\/\/sites.augsburg.edu\/it\/policies\/\">data classification policy<\/a> Augsburg has defined three types of data and how such data should be handled. \u00a0These definitions provide a common language to describe the information used by departments in various ways. \u00a0Those three types are<\/p>\n<ol>\n<li><strong>Public Data<\/strong>. \u00a0This is information that is available to the general public. \u00a0Examples include press releases, campus maps, and other information on public websites.<\/li>\n<li><strong>Regulated Data<\/strong>. This is information that is protected or controlled by statutes, regulations, institutional polices or contractual language. Examples include student record information (protected by <a href=\"https:\/\/studentprivacy.ed.gov\/ferpa\">FERPA<\/a>), credit card numbers (regulated by <a href=\"https:\/\/www.pcisecuritystandards.org\/pci_security\/\">PCI-DSS<\/a>), or financial records.<\/li>\n<li><strong>Confidential Data<\/strong>. This is information that must be guarded due to proprietary, ethical or privacy considerations. \u00a0Examples include Alumni information, donor information, or research data.<\/li>\n<\/ol>\n<h2>Protecting<\/h2>\n<p>Servers found on campus which are maintained by the IT Department have multiple layers of protection from being within a secure campus network. \u00a0With the growing use of cloud data storage\u00a0we need to keep in mind that data that is considered <em>regulated<\/em> should not be kept in cloud storage, with the exception of FERPA data in Augsburg&#8217;s Google Drive. The <a href=\"https:\/\/docs.google.com\/document\/d\/19QuKl8XqBP4NdNSKyf8ybJ4SCB27kBo7SqfRmhjfa1I\/edit\">data storage chart<\/a> defines how such data should be stored.<\/p>\n<ul>\n<li>FERPA data may be stored in Augsburg&#8217;s Google Drive.<\/li>\n<li>Social Security Numbers and Credit Card Numbers should\u00a0never be stored in cloud storage.<\/li>\n<\/ul>\n<p>Utilizing <a href=\"https:\/\/sites.augsburg.edu\/it\/mfa-faq\/\">multi-factor authentication with Duo<\/a> on user accounts adds an additional layer of protection.<\/p>\n<h2>Educating<\/h2>\n<p>Faculty and staff are the best defense against preventing a loss of data. They are also the most frequent targets through email phishing scams. People are no longer trying to break into organizations. They are trying to trick people into handing over their keys (i.e. their password). To learn more about phishing, please read these IT blog posts on the subject:<\/p>\n<ul>\n<li><a href=\"http:\/\/sites.augsburg.edu\/it\/2013\/02\/13\/phishing-emails-that-try-to-get-your-password\/\">What Is Phishing?<\/a><\/li>\n<li><a href=\"http:\/\/sites.augsburg.edu\/it\/2013\/02\/25\/phishing-when-at-first-you-succeed-try-and-try-again\/\">When At First You Succeed, Try and Try Again.<\/a><\/li>\n<li><a href=\"https:\/\/sites.augsburg.edu\/it\/2026\/01\/08\/happy-2026-a-look-back-at-phishing-and-scams-in-2025\/\">Happy 2026! A look back at phishing and scams in 2025<\/a><\/li>\n<\/ul>\n<p>To ensure all faculty and staff are aware of effective practices Augsburg has subscribed to Data Security training from the <a href=\"https:\/\/sso.augsburg.edu\/simplesaml\/saml2\/idp\/SSOService.php?spentityid=https:\/\/augsburguniversity.litmos.com\/integration\/splogin&amp;RelayState=https:\/\/augsburguniversity.litmos.com\/courses\/myTraining\">SANS Institute (powered by the Litmos platform)<\/a>. \u00a0Training faculty and staff ensures we remain compliant with the Title IV financial aid requirements for protecting student information.\u00a0 Training shall be sent to employees twice a year with a phishing simulation follow-up.<\/p>\n<h2>Program Coordinator<\/h2>\n<p>This information security program is coordinated by Scott Krajewski, CIO, krajewsk@augsburg.edu.<\/p>\n<h3><b><i>Revision History<\/i><\/b><\/h3>\n<table>\n<tbody>\n<tr>\n<td><strong>Revision<\/strong><\/td>\n<td><strong>Change<\/strong><\/td>\n<td><strong>Date<\/strong><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">1.0\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Original Version<\/span><\/td>\n<td><span style=\"font-weight: 400;\">8\/24\/2017<\/span><\/td>\n<\/tr>\n<tr>\n<td>1.1<\/td>\n<td>Annual review<\/td>\n<td>1\/17\/2023<\/td>\n<\/tr>\n<tr>\n<td>1.2<\/td>\n<td>Annual review<\/td>\n<td>1\/24\/2024<\/td>\n<\/tr>\n<tr>\n<td>1.3<\/td>\n<td>Annual review. Added data storage chart link.<\/td>\n<td>2\/3\/2025<\/td>\n<\/tr>\n<tr>\n<td>1.4<\/td>\n<td>Annual review. Added IT blog post link.<\/td>\n<td>1\/26\/2026<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>The protection of the private information of Augsburg community members is of critical importance to the IT Department. \u00a0The three components below describe in broad terms how the institution is protecting that private information. \u00a0In addition, this program ensures compliance with Title IV financial aid requirements for protecting student financial aid information. Augsburg is taking &hellip; <a href=\"https:\/\/sites.augsburg.edu\/it\/policies\/information-security-program\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Information Security Program&#8221;<\/span><\/a><\/p>\n","protected":false},"author":37,"featured_media":0,"parent":84,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1055","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/pages\/1055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/users\/37"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/comments?post=1055"}],"version-history":[{"count":37,"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/pages\/1055\/revisions"}],"predecessor-version":[{"id":1985,"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/pages\/1055\/revisions\/1985"}],"up":[{"embeddable":true,"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/pages\/84"}],"wp:attachment":[{"href":"https:\/\/sites.augsburg.edu\/it\/wp-json\/wp\/v2\/media?parent=1055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}