Information Protection @ MIT

Resources

Protecting information is easier said than done, but the efforts can be mitigated by raising awareness of data security issues and implementing a security program that outlines how the MIT community can protect its sensitive and confidential information.

In addition to this information, users need resources available to them to carry out the responsibilities as outlined in the WISP. The resources in this section address this need.

Steps for Reaching Compliance

 

1. Know what you have

a. Data inventory

b. IdentityFinder

arrow

2. Minimize what you have by removing what you don't need

a. Redaction

b. Shred/Destroy

arrow

3. Protect what you need to keep

a. Encryption

b. Limit access

c. Secure systems

d. Language for 3rd party vendors

arrow

4. Limit intake and collection

a. Data handling policies

b. Business processes

back to top