大发

password iconPASSWORD
MANAGEMENT
Your  Account:
password iconPASSWORD
MANAGEMENT
Instructional and Information Technology Services (IITS)

What is the Data Classification Inventory?

data

You may have received a link from infosec@csusm.edu with a Qualtrics link starting with csusm.co1.qualtrics.com. This is IITS鈥 Confidential Data Classification Inventory, a mandatory inventory for ALL faculty and staff as stipulated by CSU Policy. This inventory is not spam, and you will have 2 weeks to complete this inventory.

The purpose of this inventory is to identify and classify personnel access and handling of Level 1 and Level 2 data, describe below. This enables 大发 is able to appropriately respond to a potential breach of security and make improvements to storage and access methods if necessary. It is very important that the questions are reviewed thoroughly and answered accurately. Your responses will be kept in a secured with limited access by members of the security team.

The Data Classification Standard adopted by the CSU.

Examples of Level 1

Confidential information include but are not limited to:

  • Passwords or credentials that grant access to level 1 and level 2 data
  • PINs (Personal Identification Numbers)
  • Birth date combined with last four digits of SSN and name
  • Credit card numbers with cardholder name
  • Tax ID with name
  • Driver鈥檚 license number, state identification card, and other forms of national or international identification (such as passports, visas, etc.) in combination with name
  • Social Security number and name
  • Health insurance information
  • Medical records related to an individual
  • Psychological Counseling records related to an individual
  • Bank account or debit card information in combination with any required security code, access code, or password that would permit access to an individual's financial account
  • Biometric information
  • Electronic or digitized signatures
  • Private key (digital certificate)
  • Law enforcement personnel records
  • Criminal background check results

Examples of Level 2

Internal Use information include but are not limited to:

  • Identity Validation Keys (name with) - Birth date (full: mm-dd-yy) - Birth date (partial: mm-dd only)
  • Photo (taken for identification purposes)
  • Student Information-Educational Records not defined as 鈥渄irectory鈥 information, typically: 
    • Grades, Courses taken, Schedule, Test Scores, Advising records, Educational services received, Disciplinary actions, Student photo
  • Library circulation information.
  • Trade secrets or intellectual property such as research activities
  • Vulnerability/security information related to a campus or system
  • Campus attorney-client communications
  • Employee Information, Employee net salary, Home address, Personal telephone numbers, Personal email address, Payment History, Employee evaluations, Pre-employment background investigations, Mother鈥檚 maiden name, Race and ethnicity, Parents鈥 and other family members鈥 names, Birthplace (City, State, Country), Gender, Marital Status, Physical description, Other
  • Location of critical or protected assets
  • Licensed software

If you have any questions, feel free to contact us by emailing infosec@csusm.edu.