Initial Cyber Security Briefing



Similar documents
Introduction to Computer Security

Environmental Management Consolidated Business Center (EMCBC) Subject: Policy on the Control of Unclassified Electronic Information

How To Protect Decd Information From Harm

How To Protect Your Information From Being Hacked By A Hacker

WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION

HFS DATA SECURITY TRAINING

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users

Information Security Training 2012

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

ANNUAL SECURITY RESPONSIBILITY REVIEW

How To Protect The Time System From Being Hacked

SHS Annual Information Security Training

Facts About the South Dakota Identity Theft Program

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Information Services. Protecting information. It s everyone s responsibility

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Computer Security Incident Reporting and Response Policy

DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008

Appendix H: End User Rules of Behavior

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE

13. Acceptable Use Policy

Department of Defense INSTRUCTION. Security of Unclassified DoD Information on Non-DoD Information Systems

Policy: Control of Unclassified Electronic Information

Rules of the Road for Users of Smithsonian Computers and Networks

Identity Theft Prevention Program Compliance Model

HIPAA and Health Information Privacy and Security

Managing Information Stanford

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

For: All FSA Employees (Federal and Non-Federal) and Contractors

National Cyber Security Month 2015: Daily Security Awareness Tips

How To Encrypt a File using Windows Explorer and WinZip. For Use With All PII Data

General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information

Information Security Awareness Training and Phishing

Information Security: Roles, Responsibilities, and Data Classification. Technology Services 1/4/2013

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

Acceptable Use Guidelines

Overview of the HIPAA Security Rule

REVISION: This directive supersedes TSA MD , Handling Sensitive Personally Identifiable Information, dated March 13, 2008.

Cyber Security Best Practices

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

Working Practices for Protecting Electronic Information

Acceptable Use Policy

IA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE

Ginnie Mae Enterprise Portal (GMEP) User Registration for Custodian ONLY

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy

Data Protection Division Guidance Note Number 10/08

Clear Creek ISD CQ (REGULATION) Business and Support Services: Electronic Communications

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Countering and reducing ICT security risks 1. Physical and environmental risks

Acceptable Use of ICT Policy. Staff Policy

& Internet Policy

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

HIPAA Compliance Evaluation Report

HIPAA Privacy. September 21, 2013

PRIVACY IMPACT ASSESSMENT

PHI- Protected Health Information

So the security measures you put in place should seek to ensure that:

Executive Vice President of Finance and

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security Policy for Associates and Contractors

Information Security It s Everyone s Responsibility

MCOLES Information and Tracking Network. Security Policy. Version 2.0

AUBURN WATER SYSTEM. Identity Theft Prevention Program. Effective October 20, 2008

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

LSE PCI-DSS Cardholder Data Environments Information Security Policy

Security Management. Keeping the IT Security Administrator Busy

DHHS Information Technology (IT) Access Control Standard

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.

The Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015

Know the Risks. Protect Yourself. Protect Your Business.

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs

At Cambrian, Your Privacy is Our Priority. Regardless of how you deal with us on the phone, online, or in person we have strict security measures

Security Solutions for HIPAA Compliance

Appendix A: Rules of Behavior for VA Employees

Intel Enhanced Data Security Assessment Form

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

CREDIT CARD SECURITY POLICY PCI DSS 2.0

How To Maintain A Security Awareness Program

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

COMPUTER USE POLICY City of Proctor

Memorandum. Audit Report No.: OAS-L REPLY TO ATTN OF: Chief Financial Officer, CF-1 TO: INTRODUCTION AND OBJECTIVE

BSHSI Security Awareness Training

Estate Agents Authority

Sample Employee Network and Internet Usage and Monitoring Policy

Acceptable Usage Policy

Hengtian Information Security White Paper

Use of ESF Computing and Network Resources

FedEx Guide for. Information Security. Version 5.0

DHS Chemical Security Program: Cyber Security Requirements

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Evaluation Report

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

IT Security DO s and DON Ts

Information Security It s Everyone s Responsibility

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

Transcription:

Initial Cyber Security Briefing For New Hires, Visitors, and Contractors NT 75.20 Chief Information Officer Division Cyber Security Department

GOAL Introduce cyber security requirements at Pantex as outlined in the Cyber Security Resource Manual (MNL-00070) 2

The Role of Cyber Security To assure that effective Cyber Security policies, procedures, and countermeasures are implemented in accordance with federal requirements and risk-based decisions, and guarantee the integrity, availability, and confidentiality of our information and systems In other words, to protect our nation s nuclear information 3

Who Must Comply with Cyber Security Requirements Everyone on Plant site Who will use or have access to Pantex computing resources Must have some form of training before using such resources If you will be onsite over 10 working days: Required to take CB 75.37 within three weeks of this briefing or your computer access will be suspended. You must work with your Division Training Officer to complete this training 4

Primary Governing Document Cyber Security Resource Manual, MNL-00070 Informs Users of: Policies Procedures Practices Work Instructions amplify processes 5

Primary Governing Document (cont.) The Cyber Security Resource Manual, MNL-00070 can be found on the: Cyber Security internal web page Universal Content Manager (UCM) 6

Cyber Security Concerns #1 Threat - The Insider The deliberate insider or The accidental insider I m Late! I m Late! 7

Cyber Security Concerns (cont.) You can become an accidental insider if you: Are too busy, have a deadline to meet Don t lock your computer system Leave unprotected information on your desk Don t think the rules apply to you Don t become part of the problem Protection of computer resources and our nation s information depends on YOU! 8

Cyber Security Concerns (cont.) Phishing, Spear-phishing, and SPAM NEVER OPEN email from an unknown source NEVER respond to requests for personal data NEVER click on embedded links Don t put your Pantex email out for harvesting Send SPAM to SPAM@Pantex.com (see our web page for instructions) 9

Cyber Security Concerns (cont.) Controlled Unclassified Information (CUI) Official Use Only (OUO) Unclassified Controlled Nuclear Information (UCNI) All require special protection Never send it via email unless it is encrypted with an approved application (Entrust or PointSec, or WinZip Pro) UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (UCNI) NOT FOR PUBLIC DISSEMINATION 10

Cyber Security Concerns (cont.) Personally Identifiable Information (PII) Anything that identifies you Never send it via email unless it is encrypted with an approved application (Entrust or PointSec or WinZip Pro) BE CAREFUL about responding to emails with PII o Don t hit Reply without removing the PII 11

Misuse of Computer Resources and the Consequences Official business use only Exceptions: o Approved educational activities (after or before work hours) o Participation in Company-supported activities United Way Christmas Project Employee Events Council Consequences: Up to and including termination 12

Misuse of Computer Resources and the Consequences (cont.) You need to know Cyber Security monitors: Internal and external systems Pages Unauthorized use/internet usage Passwords that don t meet criteria Email transmissions Classified information Unencrypted CUI Embedded or attached pictures There is NO expectation of privacy 13

Misuse of Computer Resources and the Consequences (cont.) Some issues that generate a Cyber Incident / Security Infraction 1. Compromise of passwords Never write down a password Never share a password Classified and unclassified passwords must never be the same 2. Abuse or misuse of Internet access 3. Sending CUI Information off-site without encryption 4. Contamination of unclassified system with classified data 5. Viewing/saving sexually explicit/suggestive material 14

Misuse of Computer Resources and the Consequences (cont.) If you know of or witness an incident, you MUST report it immediately to the Cyber Security Inquiry Official at extension 3818 15

Items of Cyber Interest Unapproved Items The following personally owned articles are prohibited in the Security Areas (Property Protected, Limited, Protected, and Material Access Areas): Wireless keyboards Laptops Software of any type, including screensavers 16

Items of Cyber Interest (cont.) Approved Items on unclassified computer systems only IronKey thumb drives are the only thumb drives approved for read/write use Personal thumb drives are approved for read access only Music CDs/DVDs 17

How to get Help with Cyber Security Issues Getting help with Cyber Security issues is easy! Call the Cyber Hotline, extension 7060 Go to our Cyber Web Page (Our Functions / Information Technology / Cyber Security) 18

Purpose of the Code of Conduct Statement Code of Conduct Statement for Computer Users Federal requirements state that all personnel must be trained in the general requirements for protection of our computing resources 19

Purpose of the Code of Conduct Statement (cont.) When you sign the Code of Conduct you are confirming that you: Agree to comply with all rules and procedures for use of Pantex information resources Will use the computer system for official business use only Accept your responsibility for protecting government computing resources and information it processes 20

Things to Remember 21

Conclusion You are responsible, but we are here to help. Please ask before you act! Questions and Answers! 22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information