Education; Healthcare - Samsung MFP SECURITY White Paper

SAMSUNG MFP SECURITY
3.1.2 Education

Education requirements include protecting data from teachers, students, or other staff who engage in unauthorized
behavior, either knowingly or inadvertently. These activities can include: improper storage of passwords, students
practicing their hacking abilities, and individuals attempting to access the system to modify their grades. Many of these
risks can be avoided by implementing usage policies. These policies can add clarity to the tasks required of the network
administrator. The policies should include the following:
Password Policy;
Acceptable Use Policy;
Anti-Virus Procedures;
E-mail Policy;
Remote Access Policy;
Encryption Policy;
System Audit Procedures;
Confidentiality and Data Distribution Procedures;
Copyright Compliance Policy.
Regulations that require these practices include the following:
FERPA
A federal law that protects the privacy of student education records.
FISMA
Requires a mandatory set of processes that must be followed for all information systems used or operated by a U.S.
federal government agency.
HSPD-12
A common identification standard used to ensure that government facilities and sensitive information stored in
networks remain protected.
3.1.3 Healthcare

The healthcare industry is required to manage highly sensitive and private information for all of the patients in the system.
Advances in IT have allowed the industry to manage this data more efficiently and cost-effectively, and have allowed patients to
be more proactive in managing their personal healthcare data. Now medical records are documented electronically in the
exam room, patients can request their records over e-mail, and health records can be accessed online. All of these
advances in management, distribution, and storage of health records also make them vulnerable to unauthorized access.
Regulations requiring the healthcare industry to protect this information from unauthorized access include HIPAA.
HIPAA Compliance
Electronically distributed patient information requires strong data security. The Health Insurance Portability and
Accountability Act of 1996 (HIPAA) requires that Protected Health Information (PHI) remain secure at all times. In
addition, recent regulations and mandates from the Department of Health and Human Services apply to HIPAA covered
entities and any of their business associates that "access, maintain, retain, modify, record, store, destroy, or otherwise
hold, use, or disclose unsecured PHI."
WHITE PAPER, Page 11
Copyright 2014 Samsung Electronics Co., Ltd. All rights reserved.
