About  |  Contact Us  |  Register for Benefits  |  Login  |  View/Edit Your Profile  |  Consulting  |  Principal & Founder  |  Sponsorships  |  Legal & Privacy

  Home      Blog      Job Board      Community      Contribute      Vendor Listings      Search Site
  Employment  |  More With Less  |  Potpourri  |  Records  |  Reporting  |  Research  |  Revenue  |  Samples  | Systems  |  Web Sightings
 
  Security. Systems
Security Home | Problems and Risk Assessment | Sources of Attacks | Stopping Attacks | Summary
SecurityOverview

Security of data and information needs to be considered in everything we do.

Donor and prospect information is particularly sensitive and could subject an institution to public exposure and admonishment if this critical information was leaked or stolen.

We are entrusted by our prospects and donors to maintain confidentiality and to safeguard their information and if this trust is misplaced it will have an adverse our ability to raise funds.

We are also typically responsible for maintaining the list of alumni, and the possible misappropriation of this information for commercial or other purposes has great appeal for criminals. This data is not just an average cross section of the population, but represents the higher income earners and achievers in society.

In addition to basic biographical information, most advancement and development systems and organizations retain much more in-depth information on the higher level donors and prospects, and this information must be protected. We also have the additional issues of protecting donor anonymity when requested by donors. Many organizations purchase mailing lists, and these lists are the most valuable.

These few pages on security are not intended to be an in-depth review and analysis of security policies and procedures, but represent a basic summary and discussion of practices that you should consider.

The topic of security is broad and covers many areas from locking down your desktop computer to the more complex issues of digital rights management, hard copy information and data backup and recovery strategies.

Managing security is one of the most important trends in information technology. With the advent of virus attacks, identity theft, hackers trying to get into your corporate networks, and theft of data, we need to improve our vigilance and management practices.

Current publicity regarding breaches in security for higher education data has been limited and educational institutions have been spared some of the public scandals associated with some breaches such as the posting of credit card or social security numbers on public web sites.

However, it is just a matter of time before sensitive and public donor information is accessed and makes an interesting front page news story.

With recent changes in laws regarding fiduciary responsibility of management, executives and directors are much more personally accountable for security operations than they have been. Breaches can cause loss of employment and personal lawsuits.

Managing security needs to move from one of your check items, to one of your most important regular agenda items.

Security:
   Supportingadvancement.com
Computer Security InstituteSecurity
 
Supportingadvancement.com FIRST – Forum of Incident Response and Security Teams
 
Supportingadvancement.com Industry Canada – Online Security and Privacy Guide
 
Supportingadvancement.com Microsoft – Baseline Security Analysis Tool, newsletters and other tools. Free seminars.
 
Supportingadvancement.com National Cyber Security Partnership – Public private partnership to make cyberspace more secure.
 
Supportingadvancement.com PC Magazine Utilities – A number of free tools such as spyware detectors.
 
Supportingadvancement.com Software Engineering Institute – Papers
 
Supportingadvancement.com Threats and Countermeasures From Microsoft. A free 900+ page document on improving web security.

Sites with privacy legislation, policies and procedures:
   AFP Toronto ChapterSecurity
 
AFP Canadian Public Policy on Privacy
 
Australian Government Privacy Office
 
CASE – Foundation Independence and Donor Privacy
 
Canadian Department of Justice Policy on Access to Information and Privacy
  Direct Marketing Association. Privacy policy generator.
 
Information and Privacy Commissioner of Ontario (IPC) Web site
 
Ontario’s Consultation on Privacy Protection
 
Privacy Commissioner of British Columbia
 
Privacy Commissioner of Canada
 
PrivacyInfo.ca
 
Privacy is Your Business from CIO
 
Privacy Rights Clearinghouse

On this site:
 
Data Backup and Recovery Strategies
 
Democracy and Responsibility. Additional security considerations given break-ins and compromises of higher ed data.
 
Employment Pages. Confidentiality agreements.
 
Privacy Architecture
 
Privacy Audit Questionnaire
 
Privacy Policy Statement
 
Privacy Principles
 
Privacy Recommendations
 
Releasing Alumni Information
 
Security Survey
 
Shadow Databases

 
  ↑  Top of Page  |  Samples Page  |  Sample Forms  |  Favorite Reports  |  Frequently Asked Questions  |  Glossary of Terms