Data Security
Data Security refers to those practices, technologies and/or services used to ensure that security safeguards are applied appropriately to data that is provided, processed, exchanged and/or stored by the University.
The term "data" includes, but is not limited to, data in a database, information about an operating system (OS), operational policies and procedures, system design, organization policies and procedures, system status, and personnel schedules. Data security safeguards aim to sustain the level of integrity, availability and confidentiality of this data, consistent with the University's policy.
Data security is the responsibility of the data steward. The appropriate types/pieces of data (procedures, databases, operating documents, etc.), and their level of sensitivity, are identified as part of the business impact analysis and risk assessment.
Examples of data security safeguards include University-developed procedures (e.g., information distribution and change management procedures), vendor-delivered configurable controls (e.g., automatic screen savers), and add-on technologies (e.g., hashing algorithms). Data security safeguards are clearly interdependent with other safeguards described in the University's IT security program (e.g., physical security, authentication, authorization, and encryption).
[Adapted from materials provided by the Virginia Alliance for Secure Computing and Networking (VA SCAN -- see http://www.vascan.org)]
University Standards for Data Security
- The University identifies specific stewards of data in its information systems (for a listing of stewards of major collections of data at the University, see the listing in an appendix to the University's Administrative Data Access policy and procedure -- http://www.umw.edu/policies/admin_data/appendix_c_current_listing.php).
- Stewards determine the appropriate levels of data security required for their data, including identifying and documenting files and data elements to be protected, and implement security through formal processes of review, including notably the "Banner User Account Request Form."
- All sensitive data must be removed from system hardware, software or media under supervision of the appropriate data steward(s) prior to its "reuse" by another University office. Similarly, all sensitive data must be removed from system hardware, software or media under the supervision of the appropriate data steward(s) prior to its disposal, including via surplus property mechanisms.

