Using Computers at the Riddle Center - PowerPoint PPT Presentation

tatiana
Presentation Transcript

  1. Using Computers at the Riddle Center: What All JIRDC Computer Users Need to Know

  2. What You Need to Know • ALL JIRDC staff - even those that don’t use computers - need to know some things about security • What “Data Stewardship” means • New Information Security Policies and Procedures mean new rules for computer users • How to fulfill your responsibility to help keep the JIRDC computers safe from computer viruses and worms

  3. What Staff Who Don’t Use the Computer Need to Know • There is a federal law (HIPAA) which requires that all JIRDC staff learn to protect JIRDC information • You must not use JIRDC computers unless you have been authorized to do so • If you find any computer printout, floppy disk, or computer CD, turn it in to your supervisor • If you suspect a security violation, report it to your supervisor

  4. Data Stewardship: First – Some Definitions • Facility Data – data which is acquired, developed, or maintained by JIRDC staff in performance of their duties • Application – a purchased, shared, or developed set of files which maintain Facility Data • Application Owner – a single, designated person, responsible for this application and the data it maintains

  5. Some More Definitions • Data File – a computer file (often in Word, Excel, or Access format) which contains Facility Data • Computer User – staff who use a JIRDC computer in performance of their assigned duties • Data Owner – the person who created and saved a file which contains facility data, or in the case of an application, the application owner

  6. Network Files are Classified According to Security Level • Public Files – Usually on our internet site, not protected • Private Files – Usually stored on S:, shared among all JIRDC network users, protected by Network login requirement • Secure Files – Except for Application Software and Secure Systems, all JIRDC files NOT stored on the S: Shared folder. Secure files are protected by network rights • Application Software – Things like Word and Excel • Secure Systems – HEARTS, the Pharmacy system, and the Personal Planning System, protected by network rights and more

  7. Data Stewardship • All data on the JIRDC LAN is “owned” by a single JIRDC staff person • The Data Owner must protect the data • If the data belongs to one of our “applications”, then the data is owned by the application owner • If the data is not part of an application, the data is owned by the person who created the file

  8. Files Must be Stored in Secure Network Folders • All files on the JIRDC Local Area Network are kept in folders • If the folder is the S: (S for Shared), then the files are private, but not confidential, and can be seen by all JIRDC computer users. No PHI should be stored here • All other folders are for Secure Files, and cannot be seen by anybody unless they have been granted network rights. PHI can be stored

  9. New Responsibilities for all JIRDC Supervisors • Ensuring that employees are aware of and observe all computer security requirements • Monitoring employee activities to ensure compliance with all software legal requirements • Ensuring that only authorized software runs on State computers

  10. Rules for JIRDC Computer Users • Data Ownership and JIRDC LAN Structure • Requesting Network Rights • Making Changes in Network Rights • Password Rules • Mobile Devices • Personal Use • User “Don'ts” • Maintaining Security

  11. Data Owner Responsibilities • Understanding the JIRDC LAN Rights Structure • Storing their files only in appropriately secure areas • Preventing non-Public files from being copied to moveable media • Keeping Protected Health Information (PHI) secure

  12. Rights on the JIRDC LAN - #1 • All JIRDC users have a private file storage area. This is their “H Drive”, or “Home”. • Many JIRDC users also have rights to a shared folder (typically, the “G Drive”), along with others in their department • The “S Drive”, or Shared area, can be used for exchanging files between staff, but cannot be used if the file contains PHI

  13. Rights on the JIRDC LAN - #2 • Rights to “Applications” that run on the JIRDC network are granted by the Application Owner • If rights to use an application are granted by any person other than the Application Owner, the person granting those rights must send email to the Application Owner notifying them what rights were granted

  14. New Computer Users Must . . . • Complete General Security Training • Read and sign the JIRDC Computer User’s Agreement • Fill out a Network Rights Request form • Get any necessary Data Owner signatures • Get their Supervisor’s signature on the Network Rights Request form • Turn the form in to Computer Services

  15. Users must read and sign the JIRDC Computer User’s Agreement before they can be given rights to the JIRDC Local Area Network.

  16. Users must complete the Network Security Rights Request form • You sign here • If you need rights to a home’s PPS, you must get the Home Coordinator’s signature here • Your Supervisor’s signature goes here

  17. Making Changes in Network Rights • The same Network Security Rights Request form is used to change network rights for an existing user • When the form is used to remove rights, the applicant’s signature and the Data Owner’s signature are not required, but the Supervisor’s signature is required • The Data Owner does NOT need to use this form to request the total removal of rights; they may use Email to the Help Desk instead

  18. Password Rules • Your network password must be changed every 90 days • JIRDC Network users must now select and change their own passwords • Users will be allowed three “grace” logins when their password expires • All passwords must be at least eight characters, and must not be “guessable” • You must not tell your password to anybody, even your supervisor

  19. Password “Dos” • Mix upper and lower case letters • Mix letters and numbers • Pick a password you can remember • Choose a completely new password each time you change • Include non-alphanumeric characters, such as &, $, and > • Pick a password with at least 8 characters

  20. Password “Don’ts” • Do not use recognizable words that might appear in a dictionary • Do not use proper names • Do not use words in other languages, such as “bonjour” • Do not use your personal information, such as the names of your pets or your children

  21. Mobile Computing Devices • PDAs will be issued only where there is a critical need, and their use must be approved by the JIRDC Security Official • The use of removable storage devices such as USB flash drives or CD R/W drives is not permitted without the permission of the Security Official • Mobile computing devices must never be left in unsecured areas

  22. Personal Use of JIRDC Computers • Personal projects may be permitted on the employee’s own time, but written supervisor permission is required • An employee may make personal use of internet searches only with the approval of their supervisor • An employee may not use instant messaging or download music files without permission from both their supervisor and the JIRDC Workstation Manager

  23. User “Don’ts” - #1 • Users must not change their hardware configuration or physical location without the permission of the Workstation Manager • JIRDC forbids downloading software from the internet and bringing software from home • An employee may not use JIRDC information, applications, or equipment for personal commercial gain

  24. User “Don’ts” - #2 • Users must identify themselves clearly and correctly when using email • Any type of mass mailing by JIRDC workforce members that does not pertain to governmental business is forbidden • Circumventing user authentication or security is forbidden. A user must be logged in to the JIRDC LAN as themselves before operating any computer software

  25. User “Don’ts” - #3 • JIRDC staff must not provide information about, or lists of, JIRDC employees or residents to parties outside the Center • JIRDC staff must not post to non-work related public discussion groups or forums on the internet • JIRDC users must not access, or attempt to gain access to, any computer account to which they are not authorized

  26. Maintaining Security - #1 • In order to maintain confidentiality of protected health information (PHI), workstations should be set up so that the screen is not visible to people standing at the door or entering the room • If you are viewing PHI, and a person unauthorized to see the PHI enters the room, you should minimize the application or turn off the computer monitor

  27. Maintaining Security - #2 • Sensitive paper and computer media should be stored in locked cabinets when not in use • Protected or sensitive information, when printed to a shared printer, should be retrieved immediately • Sensitive information should not be stored at the home of an employee without appropriate supervisor authorization

  28. Maintaining Security - #3 • Any activity conducted using the State’s computers, including email and the use of the internet, may be logged, monitored, archived or filtered, either randomly or systematically • Both JIRDC and the Division reserve the right to perform these actions without specific notice to the user

  29. Maintaining Security - #4 • All users are responsible for helping to prevent the introduction and spread of computer viruses and other “malware” • All files received from any source external to DMH/DD/SAS must be scanned for computer viruses before opening • Users must immediately contact their supervisor or the JIRDC Help Desk when a virus is suspected or detected

  30. Maintaining Security - #5 • Employees must report all information security violations to either the Computer Help Desk or the JIRDC Security Official • Users must notify the Help Desk (2785) immediately if they know or suspect that their network account or workstation has been compromised by a virus or unauthorized access • Users should not attempt to remove viruses themselves without permission from the Help Desk

  31. Maintaining Security - #6 • Users should not stay logged in to the LAN if they are going to leave the room for more than 15 minutes, even if it is locked • During the day, workstations should be left at the Netware Login screen. At night, computers should be powered down • All network accounts and workstation hard drives are subject to periodic audit for the purpose of maintaining security and license requirements

  32. Engaging in “Safe” Computing • All users must protect against viruses • Do not bring software from home • Do not download software from the internet • Do not open email attachments that you were not expecting to receive • Only operate computers which are running virus protection software • When in doubt, call 2785 and ask

  33. Complete the Test Now! • All JIRDC computer users must complete this training and take this test before using our network. • Answer the questions on-line, then click the print button at the bottom, and mail the printed completed test to Paul Rasmussen in Computer Services (#8). You’ll hear back by email. • Here is the test. Take it now! http://www.JIRDC.org/SecTest.pdf

  34. Protect Our Data!