maintaining security while using computers
Download
Skip this Video
Download Presentation
Maintaining Security While Using Computers

Loading in 2 Seconds...

play fullscreen
1 / 34

Maintaining Security While Using Computers - PowerPoint PPT Presentation


  • 108 Views
  • Uploaded on

Maintaining Security While Using Computers. What all of Our Computer Users Need to Know. What You Need to Know. ALL staff - even those that don’t use computers - need to know some things about security What “Data Stewardship” means

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Maintaining Security While Using Computers' - odysseus


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
maintaining security while using computers

Maintaining Security While Using Computers

What all of Our Computer Users Need to Know

what you need to know
What You Need to Know
  • ALL staff - even those that don’t use computers - need to know some things about security
  • What “Data Stewardship” means
  • New Information Security Policies and Procedures mean new rules for computer users
  • How to fulfill your responsibility to help keep our computers safe from computer viruses and worms
what staff who don t use the computer need to know
What Staff Who Don’t Use the Computer Need to Know
  • There is a federal law (HIPAA) which requires that all our staff learn to protect our information
  • You must not use our computers unless you have been authorized to do so
  • If you find any computer printout, floppy disk, or computer CD, turn it in to your supervisor
  • If you suspect a security violation, report it to your supervisor
data stewardship first some definitions
Data StewardshipFirst – Some Definitions
  • Facility Data – data which is acquired, developed, or maintained by our staff in performance of their duties
  • Application – a purchased, shared, or developed set of files which maintain Facility Data
  • Application Owner – a single, designated person, responsible for this application and the data it maintains
some more definitions
Some More Definitions
  • Data File – a computer file (often in Word, Excel, or Access format) which contains Facility Data
  • Computer User – staff who use a Facility computer in performance of their assigned duties
  • Data Owner – the person who created and saved a file which contains facility data, or in the case of an application, the application owner
network files are classified according to security level
Network Files are Classified According to Security Level
  • Public Files – Usually on our internet site, not protected
  • Private Files – Usually store on S:, shared among all network users, protected by Network login requirement
  • Secure Files – Except for Application Software and Secure Systems, all files NOT stored on the S: Shared folder. Secure files are protected by network rights
  • Application Software – Things like Word and Excel
  • Secure Systems – Those systems (like HEARTS) which have been classified as needing MORE than standard file access rights to protect the data
data stewardship
Data Stewardship
  • All data on the LAN is “owned” by a single member of our staff
  • The Data Owner must protect the data
  • If the data belongs to one of our “applications”, then the data is owned by the application owner
  • If the data is not part of an application, the data is owned by the person who created the file
files must be stored in secure network folders
Files Must be Stored in Secure Network Folders
  • All files on the Local Area Network are kept in folders
  • If the folder is the S: (S for Shared), then the files are private, but not confidential, and can be seen by all computer users. No PHI should be stored here
  • All other folders are for Secure Files, and cannot be seen by anybody unless they have been granted network rights. PHI can be stored
new responsibilities for all supervisors
New Responsibilities for all Supervisors
  • Ensuring that employees are aware of and observe all computer security requirements
  • Monitoring employee activities to ensure compliance with all software legal requirements
  • Ensuring that only authorized software runs on State computers
rules for computer users
Rules for Computer Users
  • Data Ownership and LAN Structure
  • Requesting Network Rights
  • Making Changes in Network Rights
  • Password Rules
  • Mobile Devices
  • Personal Use
  • User “Don\'ts”
  • Maintaining Security
data owner responsibilities
Data Owner Responsibilities
  • Understanding the LAN Rights Structure
  • Storing their files only in appropriately secure areas
  • Preventing non-Public files from being copied to moveable media
  • Keeping Protected Health Information (PHI) secure
rights on the lan 1
Rights on the LAN - #1
  • All users have a private file storage area. This is their “H Drive”, or “Home”.
  • Many users also have rights to a shared folder (typically, the “G Drive”, along with others in their department
  • The “S Drive”, or Shared area, can be used for exchanging files between staff, but cannot be used if the file contains PHI
rights on the lan 2
Rights on the LAN - #2
  • Rights to “Applications” that run on the network are granted by the Application Owner
  • If rights to use an application are granted by any person other than the Application Owner, the person granting those rights must send email to the Application Owner notifying them what rights were granted
new computer users must
New Computer Users Must . .
  • Complete General Security Training
  • Read and sign our Computer User’s Agreement
  • Fill out a Network Rights Request form
  • Get any necessary Data Owner signatures
  • Get their Supervisor’s signature on the Network Rights Request form
  • Turn the form in to Computer Services
slide15

Users must read and sign the Computer User’s Agreement before they can be given rights to the Local Area Network.

slide16

Users must complete the Network Security Rights Request form

You sign here

If you need rights to a home’s PPS, you must get the Home Coordinator’s signature here

Your Supervisor’s signature goes here

making changes in network rights
Making Changes in Network Rights
  • The same Network Security Rights Request form is used to change network rights for an existing user
  • When the form is used to remove rights, the applicant’s signature and the Data Owner’s signature are not required, but the Supervisor’s signature is required
  • The Data Owner does NOT need to use this form to request the total removal of rights; they may use Email to the Help Desk instead
password rules
Password Rules
  • Your network password must be changed every 90 days
  • Network users must select and change their own passwords
  • Users will be allowed three “grace” logins when their password expires
  • All passwords must be at least eight characters, and must not be “guessable”
  • You must not tell your password to anybody, even your supervisor
password dos
Password “Dos”
  • Mix upper and lower case letters
  • Mix letters and numbers
  • Pick a password you can remember
  • Choose a completely new password each time you change
  • Include non-alphanumeric characters, such as &, $, and >
  • Pick a password with at least 8 characters
password don ts
Password “Don’ts”
  • Do not use recognizable words that might appear in a dictionary
  • Do not use proper names
  • Do not use words in other languages, such as “bonjour”
  • Do not use your personal information, such as the names of your pets or your children
mobile computing devices
Mobile Computing Devices
  • PDAs will be issued only where there is a critical need, and their use must be approved by the Security Official
  • The use of removable storage devices such as USB flash drives or CD R/W drives are not permitted without the express permission of the Security Official
  • Mobile computing devices must never be left in unsecured areas
personal use of computers
Personal Use of Computers
  • Personal projects may be permitted on the employee’s own time, but written supervisor permission is required
  • An employee may make personal use of internet searches only with the approval of their supervisor
  • An employee may not use instant messaging or download music files without permission from both their supervisor and the LAN Manager
user don ts 1
User “Don’ts” - #1
  • Users must not change their hardware configuration or physical location without the permission of the Workstation Manager
  • Downloading software from the internet and bringing software from home are forbidden
  • An employee may not use our information, applications, or equipment for personal commercial gain
user don ts 2
User “Don’ts” - #2
  • Users must identify themselves clearly and correctly when using email
  • Any type of mass mailing by one of our workforce members that does not pertain to governmental business is forbidden
  • Circumventing user authentication or security is forbidden. A user must be logged in to the LAN as themselves before operating any computer software
user don ts 3
User “Don’ts” - #3
  • Staff must not provide information about, or lists of, employees or consumers to parties outside this organization
  • Staff must not post to non-work related public discussion groups or forums on the internet
  • Users must not access, or attempt to gain access to, any computer account to which they are not authorized
maintaining security 1
Maintaining Security - #1
  • In order to maintain confidentiality of protected health information (PHI), workstations should be set up so that the screen is not visible by people standing at the door or entering the room
  • If you are viewing PHI, and a person unauthorized to see the PHI enters the room, you should minimize the application or turn off the computer monitor
maintaining security 2
Maintaining Security - #2
  • Sensitive paper and computer media should be stored in locked cabinets when not in use
  • Protected or sensitive information, when printed to a shared printer, should be retrieved immediately
  • Sensitive information should not be stored at the home of an employee without appropriate supervisor authorization
maintaining security 3
Maintaining Security - #3
  • Any activity conducted using the State’s computers, including email and the use of the internet, may be logged, monitored, archived or filtered, either randomly or systematically
  • Both this Facility and the Division reserve the right to perform these actions without specific notice to the user
maintaining security 4
Maintaining Security - #4
  • All users are responsible for helping to prevent the introduction and spread of computer viruses and other “malware”
  • All files received from any source external to this Division must be scanned for computer viruses before opening
  • Users must immediately contact their supervisor or the Help Desk when a virus is suspected or detected
maintaining security 5
Maintaining Security - #5
  • Employees must report all information security violations to either the Computer Help Desk or the Security Official
  • Users must notify the Help Desk immediately if they know or suspect that their network account or workstation has been compromised by a virus or unauthorized access
  • Users should not attempt to remove viruses themselves without permission from the Help Desk
maintaining security 6
Maintaining Security - #6
  • Users should not stay logged in to the LAN if they are going to leave the room for more than 15 minutes, even if it is locked
  • During the day, workstations should be left at the Netware Login screen. At night, computers should be powered down
  • All network accounts and workstation hard drives are subject to periodic audit for the purpose of maintaining security and license requirements
engaging in safe computing
Engaging in “Safe” Computing
  • All users must protect against viruses
  • Do not bring software from home
  • Do not download software from the internet
  • Do not open email attachments that you were not expecting to receive
  • Only operate computers which are running virus protection software
  • When in doubt, call and ask
complete the test now
Complete the Test Now!
  • All computer users must complete this test
  • Here is the test. Take it now!http://www.JIRDC.org/SecTest.pdf
ad