Data Stored on a Windows Server Connected to a Network



Similar documents
Data Stored on a Windows Computer Connected to a Network

Attachment A Form to Describe Sensitive Data Security Plan for the Use of Sensitive Data from the National Longitudinal Study of Adolescent Health

System Security Policy Management: Advanced Audit Tasks

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

About Microsoft Windows Server 2003

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt 31/03/ L Wyatt Update to procedure

Unit 11: Installing, Configuring and Administering Microsoft Windows Professional

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Locking down a Hitachi ID Suite server

Windows IIS Server hardening checklist

Microsoft Baseline Security Analyzer

Web. Security Options Comparison

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

General DBA Best Practices

Cybersecurity Health Check At A Glance

Security Tool Kit System Checklist Departmental Servers and Enterprise Systems

Windows Operating Systems. Basic Security

Chapter 15: Computer and Network Security

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

imagepress CR Server A7000 Powered by Creo Color Server Technology For the Canon imagepress C7000VP/C6000VP/ C6000

How To Secure An Rsa Authentication Agent

Supplier Security Assessment Questionnaire

English. Network Sharing. Ver.3.0. * Firmware

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Web Security School Entrance Exam

Windows 2003 Server Installation Guide

System Management. What are my options for deploying System Management on remote computers?

ilaw Server Migration Guide

TROUBLESHOOTING INFORMATION

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

USFSP Network Security Guidelines

Migrating helpdesk to a new server

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

Module 5 Introduction to Processes and Controls

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

MS SQL Server Backup - User Guide

Windows Server 2003 default services

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

GFI White Paper PCI-DSS compliance and GFI Software products

Windows Server 2008/2012 Server Hardening

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

Web Plus Security Features and Recommendations

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

New ehealth Computer Account User Information. July 2014

enicq 5 System Administrator s Guide

Technical Note: How to Move AccountMate for SQL/Express to a Different Server

Manufacturer Disclosure Statement for Medical Device Security MDS 2 DEVICE DESCRIPTION MANAGEMENT OF PRIVATE DATA

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Security Guidelines for MapInfo Discovery 1.1

Microsoft Windows Client Security Policy. Version 2.1 POL 033

1 of 10 1/31/2014 4:08 PM

FileMaker Security Guide The Key to Securing Your Apps

SQL Server Hardening

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

Basic knowledge of the Microsoft Windows operating system and its core functionality Working knowledge of Transact-SQL and relational databases

Dooblo SurveyToGo: Security Overview

Information Technology Security Procedures

Version 4.61 or Later. Copyright 2013 Interactive Financial Solutions, Inc. All Rights Reserved. ProviderPro Network Administration Guide.

Administrator s Upgrade Guide.

Setting Up Scan to SMB on TaskALFA series MFP s.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

for Networks Installation Guide for the application on the server August 2014 (GUIDE 2) Lucid Exact Version 1.7-N and later

Client Security Risk Assessment Questionnaire

Knowledge Base Article: Article 218 Revision 2 How to connect BAI to a Remote SQL Server Database?

for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later

Course Syllabus. Microsoft Dynamics GP Installation & Configuration. Key Data. Introduction. Audience. At Course Completion

Pearl Echo Installation Checklist

Setup and configuration for Intelicode. SQL Server Express

Best Practices For Department Server and Enterprise System Checklist

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

Department of Information Technology Active Directory Audit Final Report. August promoting efficient & effective local government

Remote Administration

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

SecureVault Online Backup Service FAQ

Implementing HIPAA Compliance with ScriptLogic

Workflow Templates Library

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

Manufacturer Disclosure Statement for Medical Device Security MDS 2 DEVICE DESCRIPTION MANAGEMENT OF PRIVATE DATA

Wellesley College Written Information Security Program

Installation / Migration Guide for Windows 2000/2003 Servers

Installation Guide for Workstations

Version: Page 1 of 5

Hardware and Software Requirements for Installing California.pro

4cast Server Specification and Installation

Agency Pre Migration Tasks

Transcription:

Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Server Connected to a Network All requests for data must include the following information. I. General Information 1. List below the name(s) and responsibilities of the investigator(s) and the research staff (students, research assistants, and programmers) who will have access to the data. Changes in personnel require that this information be updated. 1b. PI Institution PI contact information: Email Phone number System Administrator contact information: Email Phone number 2. Each participant must sign a separate security pledge to be included with the contract. As new personnel are added during the period of this contract an amended Attachment C and new security pledges must be obtained and sent to the Carolina Population Center. A security pledge form can be found under Attachment D. Please copy for each participant. Number of security pledges included: 3. Only one complete copy of the Add Health data is permitted; however, time-delimited temporary data analysis files may be created. Temporary data analysis file(s) must be deleted every six months and recreated, as necessary, to complete analysis. Additionally, temporary data analysis files should be deleted upon completion of a project. All temporary data analysis files will be deleted and every year. month month 4. Add Health data, including temporary data analysis files or subsets of the data, may not be copied to other media such as CDs or diskettes to be used on other machines and platforms. All Add Health data must remain in the same secure location as the one copy of the original Add Health data.

I agree to this condition. Investigator initial 5. The time frame for analysis of the data should not exceed three years from the date that data files originally were sent to the investigator. Research projects requiring the data for more than three years should submit annual requests for continuation three months prior to the end date of the current project. Data, paper and electronic, shall be destroyed on that date unless prior arrangements have been made with Add Health. I agree to this condition. Investigator Initial II. Detailed description of computer system where data will be stored and analyzed 1. What type of hardware/operating system will be used? 2. What is the physical location of the hardware? 3. What is the physical location (building, room number) of the computer(s) that will be used? 4. How are backups handled, and how will Add Health data be excluded from the backup routine?

5. Who has physical access to the equipment? 6. Who has permission to use the equipment? 7. Is the equipment used by other projects? 8. Where will hard copy info be printed? 9. How will hard copy data be handled/stored/discarded? 10. What is the secure storage location (building, room number, and type of storage unit) of the original data CD?

III. Security system to prevent unauthorized access to the data The following are minimum steps that should be taken to secure your Windows server that houses the Add Health data if your computer is connected to a network. Please indicate below each security step you have implemented. Please write a short explanation if you can not implement a specific step. Physical Security of a Windows server on a Network 1. I secured the server on which the Add Health data resides in a locked room. 2. I activated a screen saver with password after three minutes of inactivity at the workstation. Controlling Access to the Data 1. I restricted access to the Add Health data to project personnel using the security features available via the operating system (e.g., login via userid/password and NTFS permissions). 2. I installed encryption software for directories containing secure data (e.g., Windows 7/8 encryption).

Name of encryption software: 3. I installed and periodically run a secure erasure program. This program will be run monthly and after the secure data has been removed from the computer at the end of the contract period. Name of secure erasure software: 4. I require strong passwords. Protecting the Data from Unauthorized Access Across the Wire 1. I did not install IIS or MS SQL server on the Windows computer that houses sensitive data. 2. I turned off all unneeded services and disabled unneeded network protocols. 3. I disabled NetBIOS over TCP/IP. 4. I replaced the Everyone group with the Authenticated Users group from the Access this Computer from the Network user right.

5. I disabled the Guest account. 6. I replaced the Everyone group with the appropriate group(s) on critical system folders, files, and registry keys. 7. I restricted Share permissions to only those groups that need access. 8. I removed, disabled, or renamed administrative shares. 9. I restricted/prevented anonymous access and enumeration of accounts and shares. 10. I created a new userid for administrative purposes and removed the original administrator userid's administrative privileges. 11. I protected the administrative password.

12. I encrypted the SAM. 13. I installed, and will maintain, all OS and application (e.g., Internet Explorer) security patches. 14. I subscribed to the Microsoft Security Notification Service. 15. I installed an antivirus software program and will keep the virus definition files updated. Name of antivirus software: 16. I secured performance data. 17. I enabled auditing and will check the logs often. 18. I disabled or removed Windows Scripting Host.

19. I use a corporate, hardware, or personal (software) firewall. Name of firewall: 20. I configured the statistical application(s) on the local workstation (e.g., SAS, Stata, SPSS) to point all temporary files to the secured Add Health directory on the server. Name of statistical application(s) in use: Investigator (or system administrator) initial

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information