SCRIPT: Security Training
|
|
- Gervais Poole
- 7 years ago
- Views:
Transcription
1 SCRIPT: Security Training Slide Name Introduction Overview 1 Overview 2 Overview 3 Text Welcome to the MN WIC Program Security Training Module for all MN WIC Program staff provided by the MN Department of Health WIC Program. The purpose of this training is to review the processes for ensuring "the security of the WIC Information System networks, data and computer equipment". (Ref: MOM, Section 9.3) In order to do this, we must understand and recognize what the expectations are for maintaining participant and data privacy: and what our responsibilities are towards ensuring that we protect ourselves and our participants from security breaches. During this training, we will help identify the security procedures that we can use to protect our computer equipment; along with the system's security features that help us to protect ourselves and our participant's data; Q1 - What do you Data Privacy 1 Lastly, we'll discuss how to identify a security incident and what to do if it occurs. Data Privacy TRUE/FALSE: WIC data is private under Federal WIC Regulation. "WIC data is private under Federal WIC Regulations, Section 246.2(d). This regulation restricts the use and disclosure of information from WIC applicants and participants to persons directly connected with the administration or enforcement of the program..." (Ref. MOM, Section 1.7) Data Privacy 2 It is our responsibility as representatives of the WIC Program to secure access to our participant's private information and to "ensure the security of WIC Information System networks, data and computer equipment". (Ref: MOM, Section 9.3) Q2 - What do you Windows Login Windows Login 1 Full-Disk Encryption Windows Login 2 System Security Features TRUE/FALSE: My Window's login is a system security feature. If you chose TRUE for the answer to that last question, you were right...but probably not only for the reason you were thinking. Let's start with the system's security features. Although our Windows login "unlocks" the computer so that we can use it, which is probably the security reason we are most familiar with, it also functions as a key to unlock the encrypted information on our computer. Our desktops and laptops have something called "full-disk encryption". This is technology that protects information on the computer by converting it into a nonreadable format, making it unreadable or unusable by anyone that does not have the key to unlock it. Our Windows login is the key to unlocking the encryption on our hard drive so that we can access, read and use the information stored on our computer. Page 1 of 7
2 Q3 - What do you HTTPS Q4 - What do you Wireless 1 Wireless 2 Q5 - What do you HuBERT Login 1 HuBERT Login 2 Passwords HuBERT Login 3 Q6 - What do you Passwords 1 TRUE/FALSE: The "s" in " in the URL means the path between the site and your computer is encrypted. The "s" in the in a URL indicates that it is secure. Although the HuBERT application masks the URL so that we don't see it when we open HuBERT, web service uses HTTPS to create a secure, encrypted path between the HuBERT servers and our computers. TRUE/FALSE: Wireless Internet connections can be made secure. The statement in that last question is true. A wireless router can be used to direct information between the HuBERT computers, printers, and the Internet. Wireless connections, that use MDH-owned WIC routers, are encrypted and just as secure as a wired connection, so aren't higher risk. Always be aware of the source of your wireless connection. WIC laptops will automatically connect to an MDH-owned WIC router. The risk with wireless happens when you choose to connect to a network that is run by an unknown entity. There is inherent risk when using a wireless connection when you don't know who is actually running the wireless network. MULTIPLE CHOICE (select one): You are required to login to HuBERT a. As another requirement that just makes your job harder b. As another security measure c. To protect information in HuBERT from unauthorized users d. As an exercise to improve your memory e. Answers B and C The answer to that last question was kind of an easy one, right? As much as it may sometimes feel like all the usernames and passwords that we have to remember to do our job makes it harder, and as potentially advantageous it may be for assisting our memory, logging into HuBERT with our unique username and individual passwords is another security measure that protects information in HuBERT from unauthorized users. We should always make sure to login before making any changes in HUBERT. By logging into HuBERT, we are telling the system that we are responsible for the actions performed on that computer. This is why it is so important to keep our passwords secret. If anyone else were to learn our password, they could perform inappropriate actions in HuBERT for which we could be held responsible. The system uses our username to track the changes we make in HuBERT. It also creates a log to record when each of us logs in, the duration of our session and when we log out to ensure HuBERT isn't being accessed during unexpected days or hours. MULTIPLE CHOICE: How often do our HuBERT passwords expire? a. Every 30 days b. Every 60 days c. Every 90 days d. They don't - we need to remember to change them e. They don t - we never have to change them Our HuBERT passwords expire every 90 days. Page 2 of 7
3 Passphrase 1 Passphrase 2 Passphrase 3 Password Standards Passwords 2 Q7 - What do you Roles 1 Roles 2 Features Roles 3 Q8 - What do you Deactivation 1 Deactivation 2 When we create a new password, we should always try to make them hard to guess but easy for us to remember. Using multiple words to create your password is called a "passphrase". This can help our password be stronger because it's harder to guess. If we use a passphrase near-and-dear to us, it should be easy to remember. Since our HuBERT passwords must be 8-16 characters long, we could use a passphrase such as "candy is my happy". By running the words together, adding some easy to remember capital letters, and swapping out symbols and numbers for a couple of letters......we've made a really strong password (c@ndy1smyh@ppy:)) This passphrase also meets the standards for HuBERT passwords, which are: must be 8-16 characters, include upper and lower case letters, include a number, and include a special character (symbol). It must also be different from the last 9 passwords we've used. If you think your password has been compromised, be sure to change it immediately. Remember, your password protects you. TRUE/FALSE: Users are assigned a specific role in HuBERT, which limits that user's access to certain modules or functions within the HuBERT application. Everyone who uses HuBERT has been assigned a specific role, or roles, that regulates how they can use HuBERT. Most of us who provide services directly to the participant have Role 1. This allows us access to all certification and benefit issuance functionality but doesn't allow us to build the clinic calendar or to perform local admin functions such as maintaining Referral Organizations and our agency's list of medical clinics. Roles 2 and 10 allow us to perform those functions, respectively. We also have a role that only allows us to search for and view information in participant folders; a role that is assigned to peer breastfeeding counselors, which limits their ability to view and input data; and yet another role that allows users access to the Reports Environment. In order to individualize each role, it is assigned certain specific "features". These features are what allows us to do what we can do in HuBERT. In this way, roles increase the system's security by limiting our access to only those functions we need in order to do our job. TRUE/FALSE: If a user leaves unexpectedly, the agency's Coordinator should send in a HuBERT User Request to deactivate the account as soon as possible. According to MOM policy (section 9.3), "In case of unplanned departure of staff, Local Agency Coordinators must call the Help Desk to immediately deactivate the user name account." This is to safeguard against potential malicious activities that could be performed in HuBERT to corrupt data, etc. For users who are leaving on a pre-determined date, the Coordinator should send a HuBERT User Request to deactivate the user's access on their departure date at least 3-5 days before that date. Page 3 of 7
4 Physical Security 1 Physical security is probably the easiest security measure to perform and also one of the easiest to neglect. It is often a matter of practicing common sense. Q9 - What do you TRUE/FALSE: Only laptops (not desktops) need to be locked to a stationary object using a Kensington Lock. Physical Security Our laptops and desktop computers should always be locked to a stationary 2 object using a Kensington lock. Kensington locks connect to the computer so that if someone were to try to pull Kensington Locks the lock out to steal the computer, the hard drive would be damaged and the 1 computer rendered unusable, and its information inaccessible. Kensington Locks 2 Kensington Locks 3 Physical Security Each lock comes with two keys. For desktops, both keys should be stored in a secure location. For laptops, the spare key should be stored in a secure location. Preferably, this location would be separate from where the Kensington lock is used. The second key, which we use to lock our laptop down when not traveling with it, should be kept on our person to keep it secure, and not stored in a desk drawer or bag, where it might be easily found and used to unlock our computer. Data Protectors Q10 - What do you Private Data Locking Computer Q11 - What do you Traveling 1 Physical Security & Data Privacy One purpose of this training is to convey the importance of our roles as data protectors. It is our responsibility to safeguard private data that is entrusted to us as part of our daily work in the WIC Program TRUE/FALSE: Using Ctrl + Alt + Del to lock our computer is one way to protect data privacy. Information on HuBERT screens is private. The fact that a person is on the WIC Program is private information. Leaving screens unlocked to be viewed by anyone walking by is neglecting our responsibility towards our participants not to reveal their personal information. Before we walk away from our computer and leave it unattended, we should always lock it so that information on our desktop cannot be inadvertently viewed by anyone who shouldn't see it. Locking our computer is simply a matter of pressing Control Alt Delete and then the Enter key, which selects the option to lock the computer. A keyboard shortcut for locking our computer is pressing the Windows key and the letter "L". When the computer is locked, only the person currently logged in (or a person with administrative rights) can access the computer. In order to unlock it, we simply enter our password. In order to safeguard against the occasional occurrences whereby we unintentionally leave our computers unlocked, our HuBERT computers are set to auto-lock after 10 minutes of inactivity. TRUE/FALSE: As long as our laptop is in a computer bag, it is OK to leave it on the floor, or seat of our car, when traveling with it. We need to be smart when traveling with our computers. In general, we shouldn't leave our computers in our car. However, there may be instances where we have to, such as if we were to run errands between work and home. In these instances, we should always lock it in the trunk and never leave it sitting out in the open, even if it is in a laptop bag. Page 4 of 7
5 Traveling 2 Q12 - What do you Printing Documents 1 Printing Documents 2 Q13 - What do you Deleting Data Removable Media 1 Removable Media 2 Share Drives If we are using it at a conference or off-site, we need to remember to use our Kensington lock to lock it down. Since we never know who may walk by our computer, whether it is a member of our family, a friend or a stranger, none of whom is privy to the information that may be displayed, we need to make sure we always lock the screen before walking away from it. TRUE/FALSE: Printed materials with private data on them should be stored as securely as our computers. T/F (TRUE) Printed materials with private information should be stored as securely as our computers. They should not be left out in the open or stored where they can be viewed by anybody. Store them in a lockable desk drawer or file cabinet when not using them. Printing information that contains private data is sometimes necessary and unavoidable. However, again, we need to be smart about it. If we print a document or report that has private information, we should immediately go to the printer right after we send it in order to pick it up. It should never sit on the printer where any person passing by might see it or accidentally pick it up. If the printed material is no longer being used and is unnecessary, it should be destroyed as appropriate, by shredding and disposing of it in the same manner as your agency disposes of other private data. TRUE/FALSE: When we delete information from a flash drive or from our computer, it is gone forever. Information that has been deleted from flash drives or computers is not gone forever. It can always be restored or retrieved unless a data wiping process has occurred or the storage media has been physically destroyed. OK. So let's talk about removable storage media. This includes flash drives, CDs, or DVDs. In some cases, we may need to copy documents or print screens from a WIC computer onto a flash drive. However, this kind of data storage is appropriate only for short-term use. If it contains ANY participant information, it should be protected as diligently as our computers. This means, when we aren't actively using it, the removable storage device should be stored in a locked location, such as a locked desk or file cabinet. Once we no longer need the information stored on it, the information should be removed or deleted from the device. The caveat here is that even though we may have deleted the information, it should be treated as if it still contains private information. The reason for this is that even though it may look like the information is gone, it can still be easily recovered. Remember, the only time we can be ensured the information is no longer available on the removable storage device is when it is destroyed. There is one last thing we need to mention. Many of us work in environments where we have Share (or Network) drives. We need to be cognizant of the inherent risk of saving private information from the WIC Program to a Share drive that may be used by other staff within your agency who aren't privy to private WIC data. Always keep in mind when saving information who should be allowed to have access to it and who actually does have, or will have, access to it. Page 5 of 7
6 Q14 - What do you ing Info 1 ing Info 2 FileZilla Q15 - What do you Social Engineering 1 Social Engineering 2 Q16 - What do you Lost/Stolen 1 Electronic Communication TRUE/FALSE: It is OK to send with participant's names because is always secure and encrypted. In this age of constant instant communication, we may not think twice about sending participant information via . In many cases, may be encrypted, but with the multitude of different providers it is impossible to guarantee this and we should never make this assumption. There are methods for sending a secure , and you can contact your county IT if you are interested in finding out if any are available to you. However, in general, best practice is to not send private information via . All participant's have a unique State WIC ID and if it is necessary to send information about participants, then the State WIC ID should be used instead of names. The state often uses the agencygateway on the FileZilla FTP site to post documents or reports that contain private participant data. This is a secure location for storing and transferring documents. When a document is downloaded, it is encrypted during the transfer. Social Engineering TRUE/FALSE: We should never automatically provide personal participant information when requested by , phone or in person. If we receive a request for personal information, we should never automatically provide it. Never provide information unless, or until, we can fully verify who the person is and that we are 100% certain that this person has been authorized to have access to this information. Remember, WIC Federal Regulation "restricts the use and disclosure of information from WIC applicants and participants to person directly connected with the administration or enforcement of the program " We may get requests for information every day via , phone, or in person and it is our responsibility to ensure that it is appropriate for us to provide that information. We must always be very careful with any requests received in regards to a participant. In most cases, we should always contact our supervisor or coordinator, and if necessary our State Program Consultant, if we have any question at all. Lost/Stolen Computers and Media TRUE/FALSE: If a computer or storage media with participant information is lost or stolen, Local Agencies must IMMEDIATELY contact the State WIC Program. Even though our computers are encrypted, if lost or stolen, there is still huge potential for compromising private participant information. It is paramount that we immediately contact our supervisor. The State Office must also be immediately notified, including the WIC Operations Unit Supervisor, WIC Operations Information Technology Specialist, the WIC Program Unit Supervisor and our agency's WIC Program Consultant. Page 6 of 7
7 Lost/Stolen 2 We must also provide the following information: * Our agency's name and ID number * A list of the missing equipment * The location where the loss/theft occurred * The date and time the loss/theft occurred (actual if known or estimated) * The circumstances involved * A copy of the police report (if applicable) Lost/Stolen 3 Lost/Stolen 4 Review Questions References End Slide Lost or stolen equipment and media storage is taken very seriously at the State and needs to be taken just as seriously be each agency and staff person. The repercussions of losing personal or private data is widespread. It is something that affects everyone at your agency, the State Office and above. If data is indeed lost, notifications may need to be made to our participants that their information, however unintentionally, may now be in the hands of persons unknown. Therefore, we must always take the highest care when transporting and using our computers, and removable media storage, to ensure that the information we've been entrusted with is always secure. To test what you've learned by watching this module, please go to the Review Questions module to complete the security training. References: MOM, Section Data Privacy and MOM, Section Data Security. Thank you for reviewing this Security Training module presented to you by the MN Department of Health WIC Program. Page 7 of 7
Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data
Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationGeneral Security Best Practices
General Security Best Practices 1. One of the strongest physical security measures for a computer or server is a locked door. 2. Whenever you step away from your workstation, get into the habit of locking
More informationHIPAA Training for Hospice Staff and Volunteers
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
More informationHIPAA Training for Staff and Volunteers
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
More informationALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA
ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA PURPOSE PURPOSE This document provides guidance to offices about protecting sensitive customer and company information. The protection of Non-public Personal
More informationENISA s ten security awareness good practices July 09
July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European
More informationPCI Data Security. Information Services & Cash Management. Contents
PCI Data Security Information Services & Cash Management This self-directed learning module contains information you are expected to know to protect yourself, our patients, and our guests. Target Audience:
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationINFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationA Guide to Information Technology Security in Trinity College Dublin
A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2
More informationSalesforce Classic Guide for iphone
Salesforce Classic Guide for iphone Version 37.0, Summer 16 @salesforcedocs Last updated: July 12, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationMinistry of Children and Family Development (MCFD) Contractor s Information Management Guidelines
(This document supersedes the document previously entitled MCFD Contractor Records Guidelines) Ministry of Children and Family Development (MCFD) Contractor s Information Management Guidelines November
More informationDesktop and Laptop Security Policy
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
More information2014 Core Training 1
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationDSHS CA Security For Providers
DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationPrivacy & Security Standards to Protect Patient Information
Privacy & Security Standards to Protect Patient Information Health Insurance Portability & Accountability Act (HIPAA) 12/16/10 Topics An An Introduction to to HIPAA HIPAA Patient Rights Rights Routine
More informationHIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
More information31 Ways To Make Your Computer System More Secure
31 Ways To Make Your Computer System More Secure Copyright 2001 Denver Tax Software, Inc. 1. Move to more secure Microsoft Windows systems. Windows NT, 2000 and XP can be made more secure than Windows
More informationUser Guide. Copyright 2003 Networks Associates Technology, Inc. All Rights Reserved.
Copyright 2003 Networks Associates Technology, Inc. All Rights Reserved. Table of Contents Getting Started... 4 New Features... 4 System Requirements... 4 Configuring Microsoft Internet Explorer... 4 Configuring
More informationCyber Security Best Practices
Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters
More informationProtecting Privacy & Security in the Health Care Setting
2013 Compliance Training for Contractors and Vendors Module 3 Protecting Privacy & Security in the Health Care Setting For Internal Training Purposes Only. After completing this training, learners will
More informationNetwork and Workstation Acceptable Use Policy
CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of
More informationUser Guide. Active Online Backup - Secure, automatic protection
Active Online Backup - Secure, automatic protection 1. Quick Setup... 1 2. Backup Selecting Folders and Files... 2 3. Backup - Changing Selected Folders and Files... 3 4. Checking on Your Backups... 4
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third
More informationSmartHIPAA! 5 simple and inexpensive tips to protect patient information
SmartHIPAA! 5 simple and inexpensive tips to protect patient information 5 simple and inexpensive tips to protect patient information HIPAA security guidelines can be confusing and compliance expensive.
More informationMikogo User Guide Linux Version
Mikogo User Guide Linux Version Table of Contents Registration 3 Downloading & Running the Application 3 Enter Your Account Details 4 Start a Session 5 Join a Session 6 Features 7 Participant List 7 Switch
More informationITS ebilling. User s Training Manual
ITS ebilling User s Training Manual Version 1.0 November 3, 2008 Page 1 of 85 Table of Contents ebilling Training URL --------------------------------------------------------------------------- 3 ebilling
More informationHIPAA In The Workplace. What Every Employee Should Know and Remember
HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security
More informationComputer Network and Internet Security Awareness and Responsible Use. Indian River County School District 2014-2015
Computer Network and Internet Security Awareness and Responsible Use Indian River County School District 2014-2015 1 Through the availability of electronic resources provided by the School District of
More informationASUS WebStorage Client-based for Windows [Advanced] User Manual
ASUS WebStorage Client-based for Windows [Advanced] User Manual 1 Welcome to ASUS WebStorage, your personal cloud space Our function panel will help you better understand ASUS WebStorage services. The
More informationAllscripts Mobile Installation Guide for BlackBerry
CONTENTS Getting Started... 1 Step One - Download and Install Allscripts Mobile... 2 Step Two - Configure Allscripts Mobile... 4 Security... 8 Support... 10 Getting Started SUPPORTED PLATFORMS Allscripts
More informationKnow the Risks. Protect Yourself. Protect Your Business.
Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet
More informationInformation Security Policy for Associates and Contractors
Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationGetting Started on the Computer With Mouseaerobics! Windows XP
This handout was modified from materials supplied by the Bill and Melinda Gates Foundation through a grant to the Manchester City Library. Getting Started on the Computer With Mouseaerobics! Windows XP
More informationTenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014
Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology
More informationBoston University Security Awareness. What you need to know to keep information safe and secure
What you need to know to keep information safe and secure Introduction Welcome to Boston University s Security Awareness training. Depending on your reading speed, this presentation will take approximately
More informationWorking Practices for Protecting Electronic Information
Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationNew World Construction FTP service User Guide
New World Construction FTP service User Guide A. Introduction... 2 B. Logging In... 4 C. Uploading Files... 5 D. Sending Files... 6 E. Tracking Downloads... 10 F. Receiving Files... 11 G. Setting Download
More informationThe following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
More informationParamount Unified School District Technology and Ed Services Departments Computer In-service
4 Paramount Unified School District Technology and Ed Services Departments Computer In-service Distribute notebooks / Test logins Login information Login contexts (see Page 2) Logging in at other sites
More informationHIPAA: Bigger and More Annoying
HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL
More informationPrivacy and Security Standards
Page 1 of 19 Course 13 Topic: 01 Page: 01 Course Introduction 1 of 3 Introduction Text Description of Image or Animation Long Description: Animation. Welcome to the Course. The Department of Health & Human
More informationIT Security DO s and DON Ts
For more advice contact: IT Service Centre T: (01332) 59 1234 E: ITServiceCentre@derby.ac.uk Online: http://itservicecentre.derby.ac.uk Version: February 2014 www.derby.ac.uk/its IT Security DO s and DON
More informationComputing Services Information Security Office. Security 101
Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification,
More informationHELPFUL TIPS: MOBILE DEVICE SECURITY
HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More information1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
More informationSTUDENT S INFORMATION SECURITY GUIDE
STUDENT S INFORMATION SECURITY GUIDE April 2013 Table of contents Information security is important - also for you...1 Use strong passwords and keep them safe...2 E-mail use...3 Beware of phishing and
More informationYOUR HIPAA RISK ANALYSIS IN FIVE STEPS
Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE
More informationPage 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
More informationGuide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific
More informationINFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
More informationAcceptable Use of Information Systems Standard. Guidance for all staff
Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not
More information2. _General Help and Technical Support
1. _Welcome Welcome to Business Internet Banking. Our online service is available 06:00 AM ET 12:00 AM (Midnight) ET, seven days a week, so you and your employees can manage your business banking accounts
More informationSHARPCLOUD SECURITY STATEMENT
SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationUser Guide. Digital Signature
User Guide Digital Signature ENTRUST ESP 9..2 Document version: 2.2 Publication date: January 2014 This guide is the exclusive property of Notarius Inc. All reproduction, printing or distribution of this
More informationSAFEGUARDING PRIVACY IN A MOBILE WORKPLACE
SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE Checklist for taking personally identifiable information (PII) out of the workplace: q Does your organization s policy permit the removal of PII from the office?
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationFrequently Asked Questions. Categories
Frequently Asked Questions - About BLC ebank - ebank access - Accounts access (cards and loans included) - Secondary User - Transferring funds - Account register - Service Center - Security and technical
More informationInformation Security Policy
Information Security Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED
More informationInformation Technology Acceptable Use Policies and Procedures
Information Technology Acceptable Use Policies and Procedures The following Information Technology Acceptable Use Policies and Procedures are to be followed by ALL employees, contractors, vendors, and
More informationInformation Security Guide for Students
Information Security Guide for Students August 2009 Contents The purpose of information security and data protection...1 Access rights and passwords...2 Internet and e-mail...3 Privacy protection...5 University
More informationPrivacy Policy Version 1.0, 1 st of May 2016
Privacy Policy Version 1.0, 1 st of May 2016 THIS PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY GOCIETY SOLUTIONS FROM USERS OF THE GOCIETY SOLUTIONS APPLICATIONS (GoLivePhone and GoLiveAssist)
More informationSingle Sign-On Portal User Reference (Okta Cloud SSO)
Single Sign-On Portal User Reference (Okta Cloud SSO) Contents Okta Single Sign-on Portal... 3 Initial account creation and configuration... 3 First time manual login to the Okta Single Sign-on Portal...
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because
More informationHIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
More informationServer Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4
Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Aliases 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical Access
More informationIntroduction to Open Atrium s workflow
Okay welcome everybody! Thanks for attending the webinar today, my name is Mike Potter and we're going to be doing a demonstration today of some really exciting new features in open atrium 2 for handling
More informationProtecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012
Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Mission of Pro Bono Partnership of Atlanta: To maximize the impact of pro bono engagement by connecting
More informationHow To Protect The Time System From Being Hacked
WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer
More informationUT Martin Password Policy May 2015
UT Martin Password Policy May 2015 SCOPE The scope of this policy is applicable to all Information Technology (IT) resources owned or operated by the University of Tennessee at Martin. Any information
More informationHP ProtectTools for Small Business Security Software, Version 5.10. User Guide
HP ProtectTools for Small Business Security Software, Version 5.10 User Guide Copyright 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationInformation Technology Security Procedures
Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3
More informationThis factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business.
FSA factsheet for All firms This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business. It explains: What you should
More informationWelcome to Ipswitch Instant Messaging
Welcome to Ipswitch Instant Messaging What is Instant Messaging (IM), anyway? In a lot of ways, IM is like its cousin: e-mail. E-mail, while it's certainly much faster than the traditional post office
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationUser s Guide For Department of Facility Services
Doc s File Server User s Guide For Department of Facility Services For Ver : 7.2.88.1020 Rev : 1_05-27-2011 Created by : Elliott Jeyaseelan 2 Table of Contents SERVER LOGIN & AUTHENTICATION REQUIREMENTS
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationAVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
More informationParamount Unified School District Technology and Ed Services Departments Computer In-service
4 Paramount Unified School District Technology and Ed Services Departments Computer In-service Distribute notebooks / Test logins Login information Login contexts (see Page 2) Logging in at other sites
More informationGENEVA COLLEGE INFORMATION TECHNOLOGY SERVICES. Password POLICY
GENEVA COLLEGE INFORMATION TECHNOLOGY SERVICES Password POLICY Table of Contents OVERVIEW... 2 PURPOSE... 2 SCOPE... 2 DEFINITIONS... 2 POLICY... 3 RELATED STANDARDS, POLICIES AND PROCESSES... 4 EXCEPTIONS...
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable
More informationWritten Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.
Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR
More informationU.S. Department of the Interior's Federal Information Systems Security Awareness Online Course
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
More informationPolicy for Protecting Customer Data
Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees
More informationInformation Technology Department. Miller School of Medicine New User Guide
Information Technology Department Miller School of Medicine New User Guide EDUCATION & COMMUNICATIONS Miller School of Medicine New User Guide 1051 NW 14 th Street #165, Miami, FL 33136 (305) 243-5999
More informationBSHSI Security Awareness Training
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
More informationTips for Banking Online Safely
If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining
More informationBULLGUARD BAckUp GUIDE
BULLGUARD backup GUIDE CONTENTS BullGuard Backup introduction page 3 Installing BullGuard Backup page 6 Uninstalling BullGuard Backup page 11 Registering BullGuard Backup: creating an account page 12 Running
More information