Computer Workstation and Laptop Security Assessment Questions
If a computer is suspect of virus or malware attack, the end user will be asked the following questions to assess the potential risk of Restricted or Sensitive data exposure.
Your computer may have been attacked by a virus/malware threat, as a result campus security has block the computers access to the network and internet. In order to restore the computers access would you please review the following questions and follow up with your computer support staff and manager. Do you know if any of the following types of *Restricted* and *Sensitive* information is stored on the computer, or if you have access to any of the following types of information from the computer. There are two types of data, Restricted and Sensitive.
1. *Restricted* data (covered by a statute of some kind),
• Social security numbers
• Driver’s license numbers and state resident/personal identification numbers
• Financial account number (including credit/debit card) or any security code, access code or password that would permit access to an individual’s financial account
• Deoxyribonucleic acid (DNA) profile, as defined in WI S. 939.74(2d)(a)
• Unique biometric data, including fingerprint, voice print, retina or iris image or any other unique physical representation
• Protected health information (any information about the health status, provision of health care, or payment for health care) (except workman’s comp)
2. *Sensitive* data: any other data that may not be covered by a statute, but which the University has defined to be of interest, per the sensitive information definition: http://it.wisc.edu/wp-content/uploads/SensitiveDataDefinition.pdf
If there is *restricted* data either stored or accessed from the computer, We are required to coordinate with UW CIO Office https://it.wisc.edu/about/office-of-the-cio/ immediately to do a forensics on the computer to determine if there was a data breach.
If there is *sensitive* data involved, SMPH can make that determination, and if we think there is reasonable risk of data disclosure, only then would it have to be reported to https://it.wisc.edu/about/office-of-the-cio/