1 DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate Use Policies i Lesson Four: Good Security Practices Conclusion
2 Introduction The Security Awareness Training is divided into four sections:. The first section, Computer Security Basics, will focus on the key concepts in computer security. You will learn about the importance of safeguarding our data and keeping our network secure. The second section, Protecting Personally Identifiable Information, will talk about the various types of PII, the importance of keeping PII secure, and the steps DOL has taken to accomplish that goal. In the third section, Appropriate Use Policies, we will cover policies related to using DOL computers and the network. You will learn about what you are allowed to do and what you are not allowed to do using DOL equipment. And in the last section, Good Security Practices, you will learn about the important practical steps you can take to help keep DOL data and computers secure. By the end of this training you will be able to identify information security risks associated with using By the end of this training, you will be able to identify information security risks associated with using a government computer. You will know the rules of appropriate behavior when using DOL computers. You will also be able to recognize a security incident and respond to it appropriately.
3 Lesson One: Computer Security Basics
4 Risk Awareness Lesson 1.1 Risk Awareness DOL computer systems are important to our job functions. However, networked computers and the Internet pose some significant security risks: Information passing between computers might be intercepted ormisdirected misdirected. Hackers may exploit weaknesses in security to get access to things that should stay protected. Viruses can spread from computer to computer over the network, damaging our systems and endangering reliability Sensitive information, if it gets into the wrong hands, can be used for identity theft and fraud. Because of these risks, DOL has developed comprehensive security policies and practices that we all must follow. Strong security depends on the cooperation of all of us.
5 User Responsibilities Lesson 1.2 User Responsibilities Because DOL is committed to safeguarding the confidentiality and integrity of its information resources, all staff using DOL computers are required to understand and adhere to our security policies and practices. These include the following requirements: Safeguarding sensitive data like Personally Identifiable Information (PII) Implementing sound physical security practices Rf Refraining ii from inappropriate i use of DOL technology Adhering to strict password standards Employing our Computer Security Incident Response Capability (CSIRC) to ensure that if a security incident does arise, our staff members are prepared to handle it Ultimately, staff training is the first line of defense in our network security strategy.
6 Lesson Two: Protecting Personally Identifiable Information
7 Our Responsibility to Protect PII Lesson 2.1 Our Responsibility to Protect PII The loss of Personally Identifiable Information or PII, has become a major problem in recent years. A recent report from ComputerWorld magazine found that Data loss was widespread at government agencies Since 2003, 19 agencies have reported at least one loss of personal information. What is PII? PII is defined by DOL as any information about an individual which can be used to distinguish or trace an individual's identity. PII examples include all of the following : First and last name, address, business address Gender, race, ID badge or identification number Credit card number, bank account number, home address Photo, fingerprints, date and place of birth, mother s maiden name, criminal or medical records It is DOL policy to comply with all Federal mandates and laws that govern the protection of PII and other sensitive data.
8 Overview of PII Lesson 2.2: Overview of Personally Identifiable Information DOL policy defines two types of PII: Non Sensitive PII and Protected t dpii Non Sensitive PII is PII whose disclosure cannot be expected to result in personal harm Examples: First and last name, address, business address, business telephone, general education credentials, gender or race, etc. Protected PII is PII of a sensitive nature whose disclosure could result in harm to an individual. Protected PII is often truly unique to a particular person; such as a Social Security Number, biometric data like a fingerprint, or a credit card number. Next, we will focus on Protected PII and DOL s commitment to safeguarding it.
9 Focus on Protected PII As we ve discussed, Protected PII is information that is often unique to an individual. Examples include but are not limited to: Social Security Number, credit card numbers, legal documents, bank account number, home address, vehicle identifiers, home and/or personal phone numbers, photo, fingerprints, date and place of birth, mother s maiden name, criminal, medical, and financial records. Any of these pieces of Protected PII, even by themselves, could allow an identity thief or other criminal to harm a DOL student or staff member. That s why DOL is highly committed to safeguarding Protected PII and has implemented security policies to accomplish that goal.
10 Safeguarding PII Lesson 2.4 Procedures for Safeguarding PII Protected PII is the most sensitive information that you may encounter in the course of your duties at DOL and it is vitally important that we remember to safeguard it. Lttlk Lets talk about tthe things you can do to help hl DOL protect tpii: Staff may not use personally owned or public computers to download or store protected PII without approval. Always use Pointsec Media Encryption (PME) to encrypt data that is moved to a portable device like a thumb drive, CD or floppy disk. Immediately report any missing i documents or equipment that contains Protected dpii to your agency Information Security Officer (ISO). For details on how to handle media and documents containing PII; including labeling, storage, disposal, and shipping, see Department of Labor Manual Series DLMS , DOL Safeguarding Sensitive Data Including Personally Identifiable Information.
11 Safeguarding PII with Encryption Lesson 2.5 Safeguarding PII with Encryption We ve discussed the things that you can do to protect PII, now let s take a look at the things DOL is doing. The loss of PII has become a major problem in recent years. Because of this risk, on June 23, 2006, the Office of Management and Budget (OMB) distributed a mandate to protect PII. This directive required that DOL take the following steps to protect PII: All workstations and laptops in the DOL system now have Pointsec Media Encryption (PME) software installed. Encryption is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. PME encrypts and password protects any data exported to a removable media device. DOL has also issued laptop computers with full disk encryption, removable media encryption, and two factor authentication to thousands of staff members that access the network remotely. Remote access to DOL systems has been limited and further protected with additional security measures including twofactor authentication, SSL Virtual Private Networking (VPN), as well as the disabling of downloading & local drive mapping through Citrix. These security initiatives have greatly increased the security and integrity of DOL data. We will discuss Pointsec Media Encryption (PME) in more detail later in the training.
12 Lesson 3: Appropriate Use Policies i
13 Appropriate Use Lesson 3.1: Appropriate Use Your Agency s Rules of Behavior outline how staff may use government owned resources. This includes computers, telephones, fax machines, photocopiers, p , and the Internet. Here are some general guidelines: To keep our network running smoothly, staff should refrain from using DOL resources to run an outside business or conduct trade online. Government property, such as laptops or PDAs, should only be taken from your office for approved business reasons, like workrelated travel. Because DOL is part of the Federal Government, staff should not do any fundraising, make endorsements, lobby for an issue, or perform political activities using DOL resources. In the next portion of this training, we ll look at some additional guidelines to follow when using the DOL network.
14 Personal Use of the Internet Lesson 3.2: Personal Use of the Internet Here are some guidelines to follow when using the DOL network Keeping our network running smoothly is very important to DOL. But some popular technologies, like streaming video and music, live stock market feeds, and sports updates can bring a network to its knees and severely affect performance. DOL employees are expected to refrain from using government equipment for such activities In order to protect the network from threats including viruses, worms and spyware, Peer to Peer file sharing which is not DOL or Agency moderated and controlled shall not be allowed on DOL or Agency systems or infrastructure To help combat identity theft and fraud, staff should refrain from buying or selling merchandise and services online. To prevent the spread of malicious software like spyware, you should only install software that has been approved by DOL. For more information on DOL s policies on Internet usage, refer to DLMS 9 900, Appropriate Use of IT
15 Appropriate Use Lesson 3.3: Appropriate Use is a powerful tool for communication. However, because of the easy and familiar nature of it, it s easy to forget that DOL is not private and needs to be used with care. Use the following guidelines when using our system: To help fight the spread of spam , staff should not send or forward any chain letters, junk mail, or hoax related , and be cautious when using the Reply to All feature. If you receive a notice regarding a computer virus, do not forward it. Sometimes virus warnings actually contain viruses. Virus alerts will come from official DOL sources. It s the Security Team s job to look out for new viruses and protect our systems. Be professional, courteous and remember that your account is not private. Assume that every you write will be read by your coworkers.
16 Representing DOL Professionally Lesson 3.4: Representing DOL Professionally While performing your duties at DOL, bear in mind that you are representing DOL when you use your network account. Be professional, courteous and use common sense. In order to create a safe and professional workplace, DOL policy prohibits viewing certain content like adultoriented material, information or Web sites that promote racism, bigotry and unlawful or violent acts. Obviously, these activities are not allowed for good reasons and DOL implements certain technologies to prevent users from engaging in them. Also, to help keep our network and data secure, Federal law prohibits staff from turning off security software or using any tools to bypass security measures or disrupt operation of the network. You should know that using any DOL computer system means that you consent to having your activities monitored and recorded, so staff can have no expectation of privacy. Since you are representing DOL, you need to be careful what you post online or say in . When people see your address, they might assume that you represent DOL in an official capacity and your personal views may be taken as though they were the views of DOL. If you must express personal opinions via , you should add the following disclaimer to the message: The contents of this message are mine personally and do not reflect any position of the Government or my agency. If you have any questions about DOL policy, please consult DLMS 9 900
17 Lesson 4: Good Security Practices
18 Good Security Practices Overview Lesson 4.1: Good Security Practices Overview By now, we hope you have a better understanding of the security risks associated with using a DOL computer. Section 4, the final section of this training, provides an overview of good computer security practices. You ll learn how to use encryption to protect data on mobile devices, how to secure your work area, and how to protect against viruses, hackers and other threats. And we ll also cover password protection and show you what to do if you notice a security incident. You are responsible for complying with DOL policies and procedures, which will help to reduce our computer security risks.
19 Security for Mobile Devices Lesson 4.2: Security for Mobile Devices As part of your duties at DOL, you may be required to travel or work from home using mobile computing devices like laptops and PDAs, or portable storage devices like USB thumb drives, that can access PII via the DOL network. It is your responsibility to ensure that these devices and the data they contain are kept secure at all times. Some guidelines for protecting mobile devices are these: Mobile computing and storage devices like laptops, PDAs, and USB drives must be kept in your direct possession. If you must leave the device, put it in a locked drawer or a security locker. Secure your laptop with a strong password and use encryption to secure the contents of mobile storage devices. USB thumb drives, CDs, DVDs, portable hard drives, floppy disks, and other data storage devices must not contain protected PII or other sensitive data unless the data is protected with encryption If something is lost or stolen, report it to your Information Security Officer (ISO) within 1 hour of discovery.
20 Pointsec Media Encryption Lesson 4.3: Pointsec Media Encryption As we ve discussed, d encryption technologies play a large part in DOL s security strategy. Encryption is the process of transforming data to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. If you must store data on a mobile device, DOL has provided you with an easy way to protect the data with encryption using Pointsec Media Encryption (PME). All workstations and laptops in the DOL system now have Pointsec Media Encryption (PME) software installed. PME encrypts and password protects any data exported to a removable device. To decrypt your data, simply double click the PME.exe utility that has been copied to the mobile device and enter the correct Account name and Password. There are several methods for exporting files that are commonly used by DOL users: The Send to menu option, Save as, Copy and Paste, and Drag and Drop Staff can also use the new Encryption right click menu option to create an encrypted package for export to a CD. Commonly used mobile devices include USB thumb drives, CDs, DVDs, portable hard drives, floppy disks and flash memory sticks.
21 Physical Security Lesson 4.4: Physical Security and Environmental Controls Physical Security controls help prevent theft, fraud and information abuse by keeping unauthorized people away from our systems. It is important to remember your role in creating a secure workplace. When you are required dto, remember to turn in all DOL issued equipment, badges, and work files. Always secure your computer by locking it when you leave for any length of time. To lock it, simply press and hold Ctrl + Alt + Del and hit Enter. Remember to report unauthorized building access attempts t to your security guard or facilities management personnel.
22 Protecting Against Hackers Lesson 4.5: Protecting Against Hackers Hackers sometimes use sophisticated methods to break into computers and steal data. The most common attacks use one or more of the following: Password cracking Exploiting known security weaknesses Network spoofing Social engineering Phishing Our best protection against these kinds of attacks is to be sure that you choose a strong password. Also, make sure your computer is set up to install Microsoft s automatic updates. We will talk more about how to create strong passwords later in this section.
23 Social Engineering and Phishing Lesson 4.6: Social Engineering and Phishing Another security risk is the growing use of Social Engineering and Phishing by unauthorized persons in order to obtain sensitive information through deception. Social Engineering and Phishing often occur when someone sends an or calls you on the phone, falsely claiming to be a legitimate business or a real staff member in an attempt to trick you into divulging sensitive information that could be used for fraud, identity theft, or unauthorized system access. A Social Engineer may by a former coworker or a friend of a friend that tries to sway you into giving access to systems or data by claiming that they need to retrieve some old files they left behind, or they are picking up something for a mutual friend. Phishing often takes the form of an or phone call falsely claiming to be an established legitimate business in an attempt to trick the user into surrendering sensitive information that could be used for fraud or identity theft. Follow these guidelines: Never give unauthorized persons or people you don t know access to DOL information, personnel information, or our networks & systems. Always check with your agency ISO when you are approached by someone seeking information or access to the DOL systems. You must report all unauthorized access attempts, inquiries, and suspicious s to your agency ISO immediately.
24 Wireless Security Lesson 4.7: Wireless Security Wireless technology is a rapidly growing means to connect computers to networks. With wireless connections, you only need to be in range of a wireless access point to log in and access the network. However, the very nature of transmitting data through the air greatly increases the risk of system intrusion and data theft. hf It is DOL policy that no unauthorized wireless devices may be used to access or store protected PII or other sensitive data. This includes personal laptops, game devices, PDAs, or any other kind of wireless device. All remote access, especially wireless access, into sensitive data must be protected using a secure encrypted channel. Public wireless networks are more vulnerable to hackers targeting unsecured computers and networks. Technologies such as Citrix and Virtual Private Network (VPN) use advanced encryption to protect the data being transmitted to and from your laptop or wireless device. Now, let s take a moment to talk about the importance of Password Security.
25 Password Protection Lesson 4.8: Password Protection Your password plays an important part in computer security, and strong passwords often are the first line of defense against unauthorized access. When you set the password on your computer or on an application that you use, you should choose a password that s hard to guess, and that would be difficult for a computer program to break. Your DOL password must conform to the following: Your password must be at least eight characters long, and it must mix uppercase and lowercase letters. Your password must include at least one number, and it must include at least one special character for #, :, > and % To help you remember the password, try creating a pass phrase using a series of words and incorporate all the features listed above. Don't use names of family or pets, or leave notes with passwords near your desk. Never give your password to anyone Here are some examples of passwords: Good Password: B^3rK*)9 Bad Password: john123
26 Security Incident Response Program Lesson 4.9: Security Incident Response Program Security incidents can pose a risk to DOL computer systems and to our data. We need your help in detecting and responding to these incidents. Computer security incidents can include things like viruses, unauthorized access to computer systems, missing i PII documents or altered data, or any programs that send or use the Internet when you re not expecting it. If any of these things happen to you, or you have any other indication that there might be a security problem with your computer, you should respond with three steps. 1. First, stop using the computer. Don t turn it off, or finish i your task, or attempt t to fix the problem. Just leave the computer alone. Please, DON T send using the infected computer. 2. Second, put a note on the computer indicating that it has a problem. This will keep other staff from using the computer as well. 3. Immediately call your IT Help Desk to report the incident. Include all the details, including what you were doing when it happened. For an incident id involving i lost equipment or any PII issue, call your agency ISO immediately.
27 Conclusion Conclusion Congratulations you have finished this Congratulations, you have finished this training!
28 References DLMS , Appropriate Use of IT DLMS , DOL Safeguarding Sensitive DataIncludingPersonally Identifiable Information
29 Acknowledgement This is an acknowledgement that I have received and reviewed the Computer Security Training for new DOL users. Printed Name: Signature: Date Signed: Agency:
Computer Security and Privacy 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Guidelines for Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information The following rules of behavior apply to all Department of Homeland Security
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency
The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify
Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
* CYBERSECURITY POLICY THE CYBERSECURITY POLICY DEFINES THE DUTIES EMPLOYEES AND CONTRACTORS OF CU*ANSWERS MUST FULFILL IN SECURING SENSITIVE INFORMATION. THE CYBERSECURITY POLICY IS PART OF AND INCORPORATED
Appendix H: End User Rules of Behavior 1. Introduction The Office of Management and Budget (OMB) has established the requirement for formally documented Rules of Behavior as set forth in OMB Circular A-130.
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public
1 Austin Peay State University Identity Theft Operating Standards (APSUITOS) I. PROGRAM ADOPTION Austin Peay State University establishes Identity Theft Operating Standards pursuant to the Federal Trade
How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 This model has been designed to help water and wastewater utilities comply with the Federal Trade Commission s (FTC)
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
Gibraltar Regulatory Authority Data Protection Division Data Protection Division Data Protection Division Guidance Note Number 10/08 Monitoring of Staff Guidance Note Number 10/08 Issue Date: 06/11/2008
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
Warwickshire County Council Why do we need to protect our information? What happens if we don t? Who should read this? What does it cover? Linked articles All WCC employees especially mobile and home workers
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly
Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
Email Security 01-15-09 Fort Mac Most Common Mistakes in Email Security Email Security 1. Using just one email account. 2. Holding onto spammed-out accounts too long. 3. Not closing the browser after logging
Computer Security Self-Test: Questions & Scenarios Rev. Sept 2015 Scenario #1: Your supervisor is very busy and asks you to log into the HR Server using her user-id and password to retrieve some reports.
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
Information Security Training 2012 Authored by: Gwinnett Medical Center Information Security Department Modified for affiliated schools students & instructors by: Linda Horst, RN, BSN, BC Objectives After
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
Estimated time: 45 minutes Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives Overview: Students learn strategies for guarding against
Cyber Opsec Protecting Yourself Online Think. Protect. OPSEC. www.ioss.gov CYBER OPSEC: section 1 Internet Communication in General Our carelessness makes the job easy for the adversary. The Internet was
OCS Internet Acceptable Use and Safety Policy for Students The Opportunity Charter School ( OCS or the School ) provides access to OCS s Internet Systems for its students for educational purposes, in conformance
INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such
SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
Delaware State University Policy Title: Delaware State University Acceptable Use Policy Board approval date: TBD Related Policies and Procedures: Delaware State University Acceptable Use Policy A Message
General Security Best Practices 1. One of the strongest physical security measures for a computer or server is a locked door. 2. Whenever you step away from your workstation, get into the habit of locking
Odessa College Use of Computer Resources Policy Policy Date: November 2010 1.0 Overview Odessa College acquires, develops, and utilizes computer resources as an important part of its physical and educational
What you need to know to keep information safe and secure Introduction Welcome to Boston University s Security Awareness training. Depending on your reading speed, this presentation will take approximately
Account Security One of the easiest ways to lose control of private information is to use poor safeguards on internet accounts like web-based email, online banking and social media (Facebook, Twitter).
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
For more advice contact: IT Service Centre T: (01332) 59 1234 E: ITServiceCentre@derby.ac.uk Online: http://itservicecentre.derby.ac.uk Version: February 2014 www.derby.ac.uk/its IT Security DO s and DON
University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,
2014 WorldEscrow N.V./S.A. SECURITY POLICIES AND PROCEDURES This document describes internal security rules within the WorldEscrow N.V./S.A. organization. Content 1) Employee Responsibilities... 1 2) Use
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011 Purpose and Intent The City of Boston recognizes the importance
SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE Directive Concerning the Colorado Judicial Department Electronic Communications Usage Policy: Technical, Security, And System Management Concerns This
July 21, 2015 MEMORANDUM To: From Subject: All Users of DCRI Computing Equipment and Network Resources Eric Peterson, MD, MPH, Director, DCRI Secure System Usage The purpose of this memorandum is to inform
MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,
Welcome to the Training Module 1 Introduction Does loss of control over your online identities bother you? 2 Objective By the end of this module, you will be able to: Identify the challenges in protecting
An Introduction on How to Better Protect Your Computer and Sensitive Data Common Security Problems Computer users who fail to use strong passwords Constant attacks by viruses, worms, key loggers and bots
Your Login ID: GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS CONTENTS 1.0 Introduction... 3 1.1 Welcome to Edinburgh Napier University from Information Services!... 3 1.2 About Information
A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2
Acceptable Usage Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
Book Section Title Number Status SCS Policy Manual I INSTRUCTION Acceptable Use of Electronic Network Resources and Internet Safety IIBEA * R Active Legal 18 U.S.C. Sections 1460 and 2256 47 U.S.C. Section
Groby Community College Achieving Excellence Together Authorised Acceptable Use Policy 2015-2016 Reviewed: Lee Shellard, ICT Manager: May 2015 Agreed: Leadership & Management Committee: May 2015 Next review:
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
Stop!! THINK Click Who must complete this training All Users: This training is required for all individuals, including contractors and vendors, with security access to sensitive or confidential systems
Disclaimer: This material is designed and intended for general informational purposes only, and is not intended, nor shall it be construed or relied upon, as specific legal advice. Nearly all companies
To view the complete Information and Security Policies and Procedures, log into the Intranet through the IRSC.edu website. Click on the Institutional Technology (IT) Department link, then the Information
White paper 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING PHI ON PORTABLE DEVICES 2016 SecurityMetrics 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES 1 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING
HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,
Approved by: Information Technology Acceptable Use and Safeguards President and Chief Executive Officer Corporate Policy & Procedures Manual Number: X-50 Date Approved May 12, 2014 Next Review (3 years
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
Information Security Handbook for Employees Providing our patients with excellence in healthcare includes protecting their information This handbook was prepared by Tom Walsh Consulting, LLC for the Kansas