Tim,

I believe there was prior notification that this was happening, but since I’m not involved in the project or the technical contact for any of the sites being checked I wouldn’t have a copy.

From: Tim Heckaman
Reply-To: Tim Heckaman
Date: Friday, August 14, 2015 at 1:00 PM
To: "[log in to unmask]"
Subject: Re: [MSUNAG] Web Survey

I’m assuming that notification that this was happening went out and I just missed it? Is there another ListServe that this kind of information is being sent too that I should subscribe too?

 

From: Murray, Troy [mailto:[log in to unmask]]
Sent: Friday, August 14, 2015 12:55 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Web Survey

 

Tim,

 

This is a legitimate email and is one of the IT Services CIO-approved IT Stabilization projects. The MSU IT Service Desk (517-432-6200) can also help with good questions like this, especially because if messages like this are not legitimate they would also start the mitigation process.

 

 

 

From: Tim Heckaman
Reply-To: Tim Heckaman
Date: Friday, August 14, 2015 at 12:41 PM
To: "[log in to unmask]"
Subject: [MSUNAG] Web Survey

 

I’m curious as to if anyone knows anything about a “Survey” being conducted by a consultant brought on by “University Systems” inquiring about specifics of domain hosted websites?

I know I’m a paranoid person (as most people in IT are) so I’m looking to see if anyone else has gotten an email like the one below.

 

Good Afternoon,

 

You have been identified as a technical contact for MSU hosted site domain: “ “

 

To complete our documentation update, please take a moment to answer the following questions to the best of your ability?

 

If it is easier to meet in person please let me know and I can make arrangements to meet where convenient for you.

 

Thank you in advance for your assistance.

 

1.       What is the approximate date the website was created?

 

2.       What is the website mainly used for?

 

 

3.       What is the frequency of use/visitation for the website?

a.        Daily

b.       Few times per month

c.        Few times per year

d.       Other: _____________________________________________________________

 

4.       What type of database is used in this website if applicable (for example: MySQL, Access, etc.?)? If applicable what is the database version?

 

5.       Does this website collect or display Social Security Numbers?

a.        Yes

b.       No

c.        Other:____________________________________________

 

6.       HIPAA Data: Please highlight any of the data points that this website collects/stores, or displays online. (Leave un-highlighted if you do NOT collect/store, or display)

a.        Patient Name

b.       Patient Address

c.        Patient City

d.       Patient State

e.       Patient Zip

f.         Patient Clinical or Diagnostic Data

g.        Patient Date of Birth

h.       Other (please provide any additional detail if applicable):_________________________________________________________________________________________________________________________________________________

 

 

7.       FERPA Data: Please highlight any of the data points that this website collects/stores, or displays online. (Leave un-highlighted if you do NOT collect/store, or display)

a.        Student Name

b.       Student Address

c.        Student City

d.       Student State

e.       Student Zip

f.         Student Grades

g.        Student Date of Graduation

h.       Student Date of Attendance

i.         Student Enrollment Record

j.         Student Schedule

k.        Student Class List

l.         Student Ethnicity

m.      Other (please provide any additional detail if applicable):_________________________________________________________________________________________________________________________________________________

 

8.       PCI Data: Please highlight any of the data points that this website collects/stores, or displays online. (Leave un-highlighted if you do NOT collect/store, or display)

a.        Primary Credit Card Account Number

b.       Credit Card Holder Name

c.        Credit Card Service Code

d.       Credit Card Expiration Date

e.       Credit Card Full Track Data

f.         Credit Card CAV2/CVC2/CVV2/CID

g.        Credit Card PIN

h.       Other (please provide any additional detail if applicable):_________________________________________________________________________________________________________________________________________________

 

9.       Website Security: Please highlight any of the data points that this website has in place. (Leave un-highlighted if you do NOT have in place)

a.        Site uses https in the URL

b.       Site requires users to authenticate

c.        Site has password obsolescence in place

d.       Site has data encryption in place

e.       Site has 2 factor authentication in place

f.         Site has access control list on folders

g.        Other (please provide any additional detail if applicable):_________________________________________________________________________________________________________________________________________________

 

10.    Accessibility: Has this website been updated to meet the current WCAG 2.0 Accessibility Standards?

a.        Yes

b.       No

 

 

Tim Heckaman

IT Administrator

517-884-0362

MSU Surplus Store & Recycling Ctr.

468 Green Way.

East Lansing, MI 48824