Columbia Campus IT SecurityUMKC IT SecurityRolla Campus IT SecuritySt. Louis Campus IT Security

Data & Assets

Device DCS Guidelines

User Responsibilities

What does the Device DCS cover?

Laptops, desktops, tablets, smartphones, flash drives and other portable storage drives used for work purposes regardless of ownership.

What do I need to do to comply?

Additional steps you can take to secure devices both at work and at home:

Note: If your University-issued computer is not managed by an IT professional or if it uses a non-standard operating system such as Linux, consult with your campus IT division and/or with your campus Information Security Officer.

DCL Cheat Sheet

The creator/manager (e.g., data custodian) of information and data has the latitude to classify data at a level higher than the definitions below. However, data/information cannot be classified at a lower level than the definitions below unless approved by your ISO.


DCL Cheat Sheet General Guidelines

DCL1:
Public Data

Most Web page content

Policies

Meeting agendas and minutes

Strategic plans

Marketing messages

DCL2:
Sensitive Data

Internal memos

Procedures

Budgets

Business emails and other correspondence

Project plans

Drafts

DCL3:
Restricted Data

Non-directory student information

Financial aid information

Donor information

Job candidate resumes and applications

Personnel evaluations and other HR-related information such as EMPLID

Some forms of intellectual property and unpublished research

Floor plans, diagrams, etc.

Birthdates and other personal information

Applicable laws (not exhaustive): FERPA, GLBA, Federal Trade Commission regulations on identity theft protection

DCL4: Highly
Restricted Data

Social Security Numbers

Patient information

Credit card numbers

Biometric data

Passwords

Intellectual property including information and data with commercial value

Information/data affected by federal export control regulations

Documentation about critical infrastructures (floor plans, power systems, diagrams, etc.)

Applicable laws and standards (not exhaustive): HIPAA, Payment Card Industry (PCI), Missouri Breach Law, federal export control laws