Wednesday, January 17, 2007 - Almanac Vol. 53, No. 18
What keeps you up at night?
If the answer is: I have a lot of personal, sensitive data in a database or application and I’m not sure I’m protecting it appropriately, you are not alone, and unfortunately, your concerns may very well be valid!
Many faculty and staff at Penn are now learning different ways of building databases and applications to run administrative and academic functions -- but many have not had the security training to minimize the risks of hackers accessing data, physical theft, web crawlers like Google picking up the data and making it publicly searchable, and other risks that are all too real in today’s world.
A new tool is now available to help you identify the top privacy and security risks, and more importantly, identify strategies that help to minimize those risks. It is called the Security and Privacy Impact Assessment (SPIA) and was developed jointly by Information Systems and Computing and the Office of Audit, Compliance, and Privacy. To read about the process and get the tool, visit www.upenn.edu/privacy and click on "Conduct Your Own Security and Privacy Impact Assessment." We are all much better off finding security holes and plugging them ourselves than hearing about them from others once the damage has already been done.
If you have questions about the SPIA process or tool, please write to firstname.lastname@example.org. An ounce of prevention . . . still makes sense.