IT Security Homepage | Computer Security Homepage

Securing Highly Sensitive Data

The data in this category require extraordinary protection because it has the potential to cause severe damage to people or the university if it is lost or accessed by unauthorized persons.

Examples include, but are not limited to: extensive personal information lists (sets of information that form a "complete picture" of a person); information that enables changes to grades or other critical data; a file of passwords to other systems; police records; medical records; formulae for dangerous substances; bank account information; internal EEO accusations (or other information that would cause great personal reputational damage); crosswalks (lists that match two ID numbers like SSNs and G Numbers). These are just a sample of the type of data that requires more security than the protections listed in this section.

Security at this level is best handled by in-depth consultation with the Director of IT Security, Curtis McNay. Please contact Curtis to arrange a consultation at (703) 993-4183. If you need assistance implementing the "Security Tips " listed below, please contact the ITU Support Center at (703) 993-8870.

Some Warnings About Highly Sensitive Data:

1. No users should carry or store "Highly Sensitive" data on a laptop or mobile device, unless they have been authorized by their Data Steward, per the Data Stewardship Policy 1114.

2. NIST-certified encryption software should be used to protect Highly Senstive data on mobile devices. If you have been authorized by your Data Steward to carry or store "highly sensitive" data, please contact Bob Nakles, Director of IT Security. He will assist you with getting the appropriate encryption software.

3. Highly Sensitive data should not be accessed from home unless you are using a secure Virtual Private Network (VPN). To use the University's VPN solution please fill out the VPN registration form.

Please read the Commonwealth's guidance on handling of Sensitive Data.