

var msgHome = "";

var msgAVP = "At the University of Cincinnati (UC) we have a large amount of electronic data. This data consists of intellectual property, regulated data, Personally Identifiable Information (PII), internal-use data and public-use data. Due to the total amount of data that flows through UC’s electronic infrastructure on a daily basis, it is a daunting task to secure it, or in many cases even to know where all the data is at a given time. In order to make the task of securing UC’s data more manageable, it is critical to establish a Data Protection policy that requires our community members to identify data items needing protection and to separate those from data items that do not need protection. This same issue is being faced by government and private industry, and currently there is a lack of understanding on the part of senior management in these organizations that focusing attention on a more limited area will greatly enhance the ability of Information Security/Assurance professionals to do the job they have been asked to do. When resources are limited, the only way to truly obtain successful results in protecting the organizational data that needs to be protected is to ensure that it is clearly identified and that the infrastructure that supports it is also clearly identified. Rather “than viewing data classification as a burden, IT professionals should view this process as an opportunity to lower costs and complexity while driving value for the business.” (Reed, 2007)<br/><br/> One way to accomplish this is to create and implement a data classification and labeling scheme for data and for the equipment that the data resides on. International Standards Organization (ISO) 27002:2005 and Information Security/Assurance certifications like CISSP and CISM state that it is a best practice of Security Governance to classify data types within an organization. This methodology makes it easier to focus security efforts on data that requires protection. " +
"“To be effective, the classification scheme should clearly articulate the association between the data and their supporting business processes. Once meaningful terminology is employed in the classification scheme, a secondary capability will naturally evolve. This capability is the mapping and expression of security characteristics such as ownership, liability and control of data. What distinguishes this from the traditional models is that the security characteristics flow directly from the business process.” (Etges, McNeil, 2008)<br/><br/> While the association between data that needs to be protected and the data’s associated business process is important, there is an additional step that must be taken. It is also important to classify the underlying infrastructure that the data will reside on and be transmitted through. When resources are limited, the only way to obtain successful results in protecting organizational data is to ensure that it is clearly identified and that the business processes and infrastructure that support it are also clearly identified. <br/><br/> Organizational data is under constant and focused attack by black-hats, since there is so much monetary gain on their part if the attack(s) they launch are successful. In order to protect this data one must not only know thy enemy but must also have senior management support in order to implement the defensive solutions required to thwart the attack(s). " +
"Senior management should be involved not only in order to push solution design and implementation across the enterprise, but also because courts and various local and state legislation are finding them to be legally liable if breaches occur. “The role of boards of directors” has morphed and “now extends to ensuring that a company’s data is actively managed in an increasingly technology-intense environment.” (Trope et al., 2007) Here at UC we have taken this to heart, and starting July 1, 2009 we will be implementing a Data Protection policy that requires our data to be classified in the appropriate manner.";

var msgAlert = "";

var msgTemp = "<br />Phishing email pretends to be from UC email [1/24/08] <br />Information Security has received a report of a new phishing attempt against UC.  This phishing email requests the user to send their password in a reply email.  UC will never ask for a password to be sent by email! If you have responded to this email and provided your password, you need to change your BOL password (and any other account that uses the same password) IMMEDIATELY <a href='Alert.htm'>Details</a><br />";



//"<br/>UC Students under prosecution for copyright violation [10/21/08] <br/>Peer-to-peer file sharing programs are not, in themselves, illegal. However, when you install them, they almost always configure themselves so that you are violating the law. UC students are being caught and prosecuted by the copyright holders. Protect yourself. Remove such software from your computers. <a href="http://www.uc.edu/infosec/SoftwareP2P.htm">Details</a><br/> Cyber Criminals continue to target UC with Phishing emails [9/24/08] <br/>The spear-phishing email campaign against UC has been seen in various forms since the beginning of 2008. This phishing email requests the user to send their password or other sensitive information in a reply email. UC will never ask for a password to be sent by email! If you have responded to this email and provided your password, you need to change your BOL password (and any other account that uses the same password) IMMEDIATELY <a href="http://www.uc.edu/infosec/Alert.htm">Details</a><br/>";

