Resource Management, Data Integrity, and Computing Environment


Resource Management,
Data Integrity, and the
Computing Environment

Sandra Featherson

Office of the Controller

Doug Drury

Information Systems &
Computing

September 15, 2011

Agenda


Computing Environment


Resource Management


Data Integrity


Computing Environment

Maintaining a reliable computing
environment:



Why is this important?


Computing Environment

Physical Security


Equipment is properly secured


Equipment is maintained


Computing Environment

Systems Development


IS-10


UC Policy


Establish a plan


Well trained technical professionals


Identify projects


Define scope, benefits, risks, priorities,
timing, and implementation method


Computing Environment

Systems Development


What is ‘System Development’?


Impact of the project


Determine staffing, equipment, and other needs


Funding requirements and sources


Documentation of system


UC Policy


IS-2, IS-3, IS-10, IS-11
http://www.ucop.edu/ucophome/policies/bfb/bfbis.html


Computing Environment

Other Things to Think About:


Systems Management


Password Maintenance


Disaster Recovery


Separating Employees

Electronic Personal Information:
What Is It?


SB1386 designed to address
identity theft


took effect July 1st, 2003


added §1798.29, §1798.82 to State Civil Code (Information Practices Act)


created disclosure requirements upon a security breach of systems containing
“unencrypted” personal information



An individual’s first name or initial and last name in combination with
one or more of the following:


Social Security Number


Driver’s License Number


Financial account or credit card number in combination with any password that would
permit access to the individual's account


See http://www.oit.ucsb.edu/committees/itpg/sb1386.asp for more information

Electronic Personal
Information

UCSB Campus Roles


Data Proprietor - A personal information data
store proprietor is the department director or
senior manager who is the functional owner of
the application that is the primary source of the
personal information. It is the responsibility of the
data store proprietor to ensure that the inventory
of personal information data stores is kept
current for the data stores for which the
proprietor is responsible.

Electronic Personal
Information

UCSB Campus Roles


Data Custodian - A personal information data
store custodian is an individual or organization
that is responsible for providing technical or
system administration support for the data store.
It is the responsibility of the personal information
data store custodian to ensure that the
implementation and administration of the
personal information data store conforms to IS-3
requirements, as a minimum, and to campus and
industry best practices for system security where
appropriate.


Campus Sensitive Data Incident Coordinators:

Doug Drury
doug.drury@asit.ucsb.edu




Karl Heins
karl.heins@oist.ucsb.edu



Electronic Personal Information
Policy & Guidelines


UC Policy IS-3 and IS-11 define policy regarding
management of Electronic Personal Information
(as well as other information system issues)
http://www.ucop.edu/ucophome/policies/bfb/bfbis.html



UCSB Guideline provides process for handling
exposure of personal information
http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp

Electronic Personal Information
Best Practices


Don’t Store It Unless Absolutely Necessary


If You Do Store It


Follow IS-3 Policy


Retain contact information for stored individuals


Submit Inventory Data To Campus Coordinators
(doug.drury@asit.ucsb.edu) and / or
(karl.heins@oist.ucsb.edu)


Follow Industry Best Practices For System Security


UC Electronic Communication Policy allows UC
campuses to encrypt personal information data
stores


ENCRYPT IF POSSIBLE
http://www.ucop.edu/ucophome/policies/ec/

Electronic Personal Information

Incident Process


Incident Detection


Requires active monitoring of data store


Requires extensive analysis to determine if a breach
has occurred


UCSB Guideline provides assessment guidance

http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp


Incident Handling Process


Follow the UCSB Guideline closely


Allow appointed UCSB/UC officials to handle any
communication


Electronic Personal Information
Information Sources


UC Policy:
http://www.ucop.edu/ucophome/policies/bfb/is3.pdf


UCSB Guideline:
http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp


California Law:
http://www.oit.ucsb.edu/committees/itpg/sb1386.asp


Finally


The UC/UCSB definition of
Personal Data is evolving. You will be kept
up to date if the definition changes

Resource Management


Financial Data


Value of Budgets


Analyze Costs, Benefits, and Risks


Asset Management

Resource Management:

Financial Data


Verify data is accurate and complete


Compare GLO60 to any Shadow System


Review significant deviations


Document corrective action

Resource Management:

Value of Budgets


Represents your financial plan for future
periods


Decisions based on data


Proper use of resources


Valuable control


Evaluate resource opportunities

Resource Management:

Value of Budgets

Budget for:


Departmental Operations


Events


Projects


Resource Management and

SAS 112

Department Key Controls


GL Reconciliation


Review of Budget Reports


Equipment Inventory

Scenario #1

Your department is hosting an international
conference. The expected number of
participants is 250. Pre-registration is
required. The PI, who is the host, believes
$500 is the going rate for conferences.

In Groups:

List the steps you would take to develop the
budget and track expenditures for the
conference.

Resource Management:

Analyze Costs, Benefits, and
Risks



Something sounds like a good idea,


but is it?

Resource Management:

Analyze Costs, Benefits, and
Risks

Components of Analysis


Statement of Purpose


Statement of Benefits


Assumptions


Impact on administrative support


Resource Management:

Analyze Costs, Benefits, and
Risks

Components of Analysis


Quantify costs (one time vs. on-going),
space needs, and capital outlay


Funding sources


Potential risks/problems


Resource Management:

Analyze Costs, Benefits, and
Risks

Components of Analysis


Performance follow-up


Did cost projections come in on target?


Did the benefits outweigh the costs?


Did the results meet expectations?


Scenario #2

Your department wants to purchase new
desktops for the office.


In Groups:

Do a cost-benefit-risk analysis and make a
recommendation to your department about
the purchase of new desktop machines.

Resource Management:

Asset Management


Cash


Receivables


University Resources/Equipment


People

Resource Management:

Asset Management

Cash


Proper receiving and storing


Proper depositing and recording


Reconcile the deposits

Resource Management:

Asset Management

Cash Management:

Short Term Investment Pool (STIP)


Depository bank accounts


Disbursement bank accounts


Vendor


Payroll


Balances are invested in STIP daily

Resource Management:

Asset Management

Cash Management:

Short Term Investment Pool (STIP)


Earnings are credited back to the funds
which generated the interest


The interest for “campus owned” funds is
distributed back to the campus

Resource Management:

Asset Management

Receivables


Do you have any?


Collections


Monitor status


Collection Agencies


Write Off



If you have receivables, you should be
using the BA/RC process

Discussion Item #1


Do you have any cash

management issues?

Resource Management:

Asset Management

University Resources


Use of the University Seal


Use of the University Name/Logo

Resource Management:

Asset Management


Use of the University Name/Logo


Policy 5010:


“Use of the University’s Name”


Use of the University Seal


Policy 5015:


“Use of the Unofficial Seal”


Resource Management:

Asset Management


Campus designees to authorize use of the


seal/name/logo are:


Meta Clow


Mark Beisecker (for commercial products)


Resource Management:

Asset Management

Equipment


Proper purchasing


Proper tracking


Physical assets are compared to recorded
assets and discrepancies are resolved


Proper disposing


Resource Management:

Asset Management

People - This is our most important asset!


Proper training


Formal delegations


Current job descriptions


Timely evaluations


Consistent and fair treatment

Data Integrity


Why do we care?

What could go wrong?

Data Integrity

How do you maintain data integrity?


Separation of duties


Small departments might need to partner with
other departments


Adequate documentation and description


Well trained employees

Data Integrity

How do you maintain data integrity?


Compliance with policies and procedures


Coding Transactions Correctly


Reconcile departmental reports to the
GLO60


Reconcile the GLO60 on a timely basis


Record retention

Data Integrity

Coding Transactions Correctly

Types of Costs


Direct


Indirect


Unallowable



Function of Cost


Teaching


Research


Public Service

Purpose of Costs



Travel



Office Supplies



Services



Consistency in treatment
of costs is a critical
policy for the federal
government.

Discussion Item #2

You are given a list of transactions for
today’s activity.





Identify the correct coding for

each transaction.

Data Integrity:

Record Retention

Why is this important?


The institution needs to consistently apply a
records management program


If your practice is to keep everything, you will be
expected to produce what is requested


If you can show that you consistently follow the
record management program, the court will
accept your inability to produce the record


Data Integrity:

Record Retention

How long do we have to keep records?


The UC Records Disposition Schedules
Manual specifies the length of time
records must be maintained by the office
of record and others:




http://www.policies.uci.edu/adm/records/721-11a.html


Data Integrity:

Record Retention

Who is the office of record?


The office of record is the office
responsible for retaining the original
record, and for producing a requested
record

Data Integrity:

Record Retention

Who do you call if you have questions?


Meta Clow, the Campus Policy and
Records Management Coordinator:


x4212


meta.clow@vcadmin.ucsb.edu


Questions?