Module #2: Module #2: What Sensitive Data is and how to What Sensitive Data is and how to

handle ithandle it

Module 2 is approximately 3min and 30 sec.

What is Sensitive Data?What is Sensitive Data?• The City of Albuquerque handles a great deal of sensitive information, including data known as

Personally Identifiable Information commonly called PII. PII is targeted by hacker because it is highly valuable information that can be used for identity theft, fraud, or used to attack other organizations.

• The improper disclosure of sensitive data can cause great harm and embarrassment to City and its staff. Each of us is responsible for the protection of any sensitive data in our custody.

• PII is defined as any information that can identify a specific individual, such as Social Security Numbers and passport numbers, your driver’s license number, or any other personally identifiable information.

Who is responsible for keeping Who is responsible for keeping Sensitive Data safe?Sensitive Data safe?

Sensitive data comes in many forms which include, electronic, printed, voice, etc.

Because PII information is so valuable, and because we are committed to protecting the rights and privacy of others, it Is each of our responsibilities to take steps to protect PII or any other highly confidential information.

Protecting Sensitive DataProtecting Sensitive Data

The following tips will help in the protection of this data.

• ensure that sensitive data is stored only on authorized systems. These are systems that have strong security measures such as strict controls on how they are configured and who can access them.

• ensure that only authorized people who have a need to know can access sensitive data. This means these individuals not only have prior management approval to access such data, but they need access to accomplish their job responsibilities.

• To prevent the spread of a virus or worm, only use authorized mobile devices that have been approved. Scan all contents on the device with current anti-virus before opening any files

Protecting Sensitive Data (con’t)Protecting Sensitive Data (con’t)

• Never store un-encrypted sensitive data on a portable device. If you transfer PII or any other sensitive data, use only secure, authorized methods that support encryption (e.g. Secure FTP, encrypted thumb drives). Do not transfer sensitive data using insecure means, such as email.

• Never print sensitive data on a printer that is publicly accessible

• All physical and electronic PII and other sensitive information that is no longer necessary or appropriate to store should be properly destroyed, shredded, or rendered unreadable. For digital media such as hard drives or USB flash drives, this means they should either be physically destroyed or the media should be entirely wiped

Questions Module 2: Sensitive Questions Module 2: Sensitive DataData

Question #1: Who’s responsibility is it to protect Sensitive Data?

A. The owner of the data

B. The IT liaisons for each department

C. The IT Department

D. The supervisor of the department

E. The person using the data

F. All the above

Questions Module 2: Sensitive Questions Module 2: Sensitive DataData

Question #1: Who’s responsibility is it to protect Sensitive Data?

The answer is F.

Everyone is responsible for the protection of Sensitive Data.

Questions Module 2: Sensitive Questions Module 2: Sensitive DataData

Question #2: What are some methods to best protect sensitive data?

A. Ensure that sensitive data is stored only on authorized systems

B. Allow all staff to have access to sensitive data as it is public data anyway

C. Never store un-encrypted sensitive data on a portable device.

D. You should scan all contents of a mobile storage devices such as USB flash drives, external hard drives with current anti-virus before opening any files

E. A, C, D

F. All the above

Questions Module 2: Sensitive Questions Module 2: Sensitive DataData

Question #2: What are some methods to best protect sensitive data?

The answer is E,

A. Ensure that sensitive data is stored only on authorized systems

C. Never store un-encrypted sensitive data on a portable device.

D. You should scan all contents of a mobile storage devices such as USB flash drives, external hard drives with current anti-virus before opening any files

E. A, C, D

Questions Module 2: Sensitive Questions Module 2: Sensitive DataData

You have completed Module 2 on Sensitive Data. To learn about Phishing attacks and how to recognize and not be a victim of a phishing attack, continue to module 3.