Technology

Security

Information & System Security Portal

Welcome to Western Connecticut State University’s Information Technology security website. This site provides you information about security and tools that are needed to secure and guard your computer against known security threats. This website is a repository of information related to all different areas of system and information security. We encourage you to visit this site regularly for up to date information on information security as technology changes and new threats and vulnerabilities are discovered every day.

Data Classification

Information, which by law is confidential, must be protected from unauthorized access or modification. Data, which is essential to critical functions, must be protected from loss, contamination, or destruction.

Data Classification is the process of grouping data elements together by risk level. WCSU has identified four Data Classification Levels (DCL) from 0 to 3. Appropriate security controls will be applied to each classification level. Increasingly restrictive data management and security practices are required for each level, with DCL0 requiring limited protection to DCL3 (formerly referred to as Class A Data) requiring the most protection.

Data Classification

Data Classification Level (DCL)

Description

Examples

3

DCL3

(Protected Confidential)

Level 3 is protected confidential data, which comprises identity and financial data that, if improperly disclosed, could be used for identity theft or to cause financial harm to an individual or WCSU.
Security at this level is very high (highest possible).
 Identity Data with:

  • Social Security number
  • Bank account or debit card information
  • Credit card number & cardholder information
  • Student Loan Data

2

DCL2

(Restricted)

Level 2 is restricted data that is available for disclosure, but only under strictly controlled circumstances.
Such information must typically be restricted due to proprietary, ethical or privacy considerations.
An example of such restrictions is the FERPA guidelines that govern publication and disclosure of student information.
Security at this level is high.
Identity Data with:

  • Birth date
  • Mother’s maiden name
  • Academic records (e.g. Grades, Test scores, Courses taken, etc.)
  • Student Records (e.g. Advising records, Disciplinary actions)
  • Employee Records

1
DCL1
(Internal)

Level 1 is internal data that has not been approved for general circulation outside WCSU where its disclosure would inconvenience WCSU, but is unlikely to result in financial loss or serious damage to credibility.
Security at this level is controlled but normal.
  • Internal memos
  • Minutes of meetings
  • Internal project reports

 

0
DCL0
(Public)

Level 0 is public data that has been explicitly approved for distribution to the public. Disclosure of public data requires no authorization and may be freely disseminated without potential harm to WCSU.
Security at this level is minimal.
  • Advertising
  • Public Directory Information
  • Press Releases
  • Job postings
  • Campus Maps
  • WestConn Account (Windows Account)

 

 

Critical Virus Alerts Latest Security News
Current Threats

   Spy-Agent.bw
Lowprofiled Risk trojan
   W32/Checkout!91d0b88a
Lowprofiled Risk worm
   Downloader-UA.h
Medium Risk trojan

More Virus Info

Cyber Security News
Government and Bank Websites Flunk New Security and Privacy Test
Wed, 28 Jun 2017 00:00:00 -0400

Websites run by the country’s largest banks and the U.S. federal government scored the…

Learning from the U.S. Military: How Solar-Powered Microgrids Can Improve Your Company’s Security
Tue, 27 Jun 2017 13:45:52 -0400
Similar to the U.S. military, modern companies would be crippled without power from the electric…
How to Change Behavior for Stronger Security System Cybersecurity
Tue, 27 Jun 2017 13:34:32 -0400
There is a world of difference between knowing the right thing to do and actually following…
Critical Security Alerts

US-CERT Alerts
TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
Tue, 13 Jun 2017 15:45:09 +0000
TA17-163A: CrashOverride Malware
Mon, 12 Jun 2017 21:44:47 +0000
TA17-156A: Reducing the Risk of SNMP Abuse
Tue, 06 Jun 2017 00:11:16 +0000
TA17-132A: Indicators Associated With WannaCry Ransomware
Sat, 13 May 2017 01:36:36 +0000
TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
Thu, 27 Apr 2017 22:50:51 +0000
TA17-075A: HTTPS Interception Weakens TLS Security
Thu, 16 Mar 2017 12:40:42 +0000
TA16-336A: Avalanche (crimeware-as-a-service infrastructure)
Thu, 01 Dec 2016 05:00:00 +0000
TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets
Fri, 14 Oct 2016 23:59:41 +0000
TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations
Tue, 06 Sep 2016 22:29:52 +0000
TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities
Tue, 05 Jul 2016 14:50:24 +0000

More Advisories