Information Protection @ MIT


Protecting information is easier said than done, but the efforts can be mitigated by raising awareness of data security issues and implementing a security program that outlines how the MIT community can protect its sensitive and confidential information.

In addition to this information, users need resources available to them to carry out the responsibilities as outlined in the WISP. The resources in this section address this need.

Steps for Reaching Compliance


1. Know what you have

a. Data inventory

b. IdentityFinder


2. Minimize what you have by removing what you don't need

a. Redaction

b. Shred/Destroy


3. Protect what you need to keep

a. Encryption

b. Limit access

c. Secure systems

d. Language for 3rd party vendors


4. Limit intake and collection

a. Data handling policies

b. Business processes

back to top