|
Identity theft complaints represented 37 percent of the almost 700,000 complaints received in 2005 according to a 2006 FTC
report. This report also indicated that Internet-related complaints account for 46 percent of all fraud complaints. A recent
report from the Department of Justice revealed that in the first six months of 2004, 3 percent or 3.6 million of all U.S.
households were victims of identity theft at a cost of $3.2 billion.. Data theft or loss is a major concern and media documented incidents
have highlighted the susceptibility of college and universities data collections.
The BGSU CELO project is a
long term security measure
to protect the privacy
of BGSU related data
and intellectual property.
| CELO (KAY-low) - a Latin phrase meaning to cover, shield, protect or defend |
CELO [Strategy]
With the ultimate goal of protecting the confidentiality, integrity, and availability of BGSU related data, the CELO project
will utilize a culmination of technologies to be successful. Some of these technologies can stand alone to provide functional
protection of data, other technologies are dependent upon the proper implementation of additional technologies. The CELO Strategy
Project tracks the other related CELO projects, monitors industry changes, and establishes long term strategy. Utilizing the
Critical Path Methodology, managing policy development, project communication, and related training is also a key function
of the Strategy Project.
The CELO Project Plan Consists of Interrelated Components
- Altiris Information Technology Asset Management Project
As the use of technology grows and evolves the means used to support this technology also needs to evolve and progress. To
advance the technology support infrastructure, BGSU has purchased Altiris Total Management Suite. Altiris provides for a managed
model of support including hardware and software inventory, security patch management, help desk integration, software installation,
and data recovery. This product is very comprehensive and the plan is for it to be implemented in phases.
Altiris Information
MyFiles is a secure network file storage system powered by Xythos that allows account holders to upload, access, store, retrieve
and share files using a web browser (MyFiles.bgsu.edu).
Encryption and Electronic Signatures require a digital identity to accomplish the equivalent of what, for instance, a driver'
license or other trusted photo ID does today, except across a computer network. Managing these credentials requires new technologies
and procedures, which are being researched as part of the CELO Public Key Infrastructure [PKI] Project.
The CELO Encryption Project involves the research and development of technologies and procedures necessary to encrypt all
data on a computer's hard drive to preserve information privacy in the event of theft of the computer. This project also
involves research into encryption technologies for other information privacy purposes in the future.
Whole Disk Encryption Information
The CELO E-Signatures Project involves the research and development of technologies and procedures necessary to implement
electronic signatures that will replace or augment procedures using hand-written signatures on paper documents today. Certain
documents may require different technologies and/or techniques based upon the sensitivity of the transaction and Federal and
State laws and policies governing their use. In order to provide a robust, dynamic solution for electronic signatures a PKI
must be successfully implemented.
|
Project Milestones
|
|
January 17, 2006
|
CIO-Inform message to BGSU campus from Bruce Petryshak, CIO |
|
February 1, 2006
|
CELO project team convened |
|
May 12, 2006
|
CELO Enterprise Encryption RFP issued |
| June 7, 2006 |
RFP Closing Date |
|
June 26 - July 31, 2006
|
RFP Presentations and Review |
|
August 1, 2006
|
Vendor negotiations begin |
|
December 4, 2006 -
|
Contract with PGP signed |
|
February/March 2007
|
Onsite software and hardware installation completed |
|
June 29, 2007
|
Deployment to pilot group complete |
|
August 1, 2007
|
Deployment to Microsoft Windows based laptops containing sensitive information begins |
|
January 1, 2008
|
PGP users = 292 |
CELO Related Documents
CIO-Inform January 17, 2006 Memorandum
June 29, 2007 Memorandum regarding Data Security
July 2, 2007 Electronic data Privacy and Records Retention Policies Memorandum
Enterprise Encryption RFP
CELO Related Articles
BGSU ITS Information Security & Privacy Brochures
Relevant Links
BGSU ITS Information Security & Privacy
BGSU Sensitive Data Policy - Interim Policy
HIPAA - Health Insurance Portability and Accountability Act
FERPA - Family Educational Rights and Privacy Act
GLB - Gramm-Leach-Bliley Act
PCI-DSS - Payment Card Industry Data Security Standard
Ohio House Bill 104 - Ohio Breach Notification Act
Rule 123:3-1-01 of the Ohio Administrative Code - Use of Electronic Signatures and Records
http://www.privacyrights.org/ar/ChronDataBreaches.htm
|
