GOOD INFORMATION SECURITY PRACTICES
Keeping Sensitive Data Confidential
Tim Thomas
Region 6 Coordinator
WCGRH LAN Engineer
DHR/OIT
Office of Information Technology
DHR Helpdesk
1-800-764-1017
Keep A Lid On It!
• Keep private information confidential.
  – Some of you may be handling very sensitive data
    • People’s private health information
    • People’s private financial information
    • People’s private family information
  – Only share sensitive information with people who are authorized to know
  – That includes verbally, in writing and electronically
• GEORGIA DEPARTMENT OF HUMAN RESOURCES
• Human Resource/Personnel Policy #1205
• USE OF STATE PROPERTY
• EFFECTIVE DATE: June 1, 2003 RELEASE DATE: May 30, 2003
• REFERENCE: DHR Human Resource/Personnel Policy #1201 - Standards of Conduct and Ethics in Government
• State property is to be used for work-related reasons only. Employees are not to use, misuse or permit the use of State property for other than work-related reasons. State property includes, but is not limited to: computers, telephones, cellular phones, fax machines, copiers or other equipment, supplies, vehicles, work areas and furniture.
• Email, Internet and other computer tools and equipment are provided to employees for work-related reasons, and must be used for work-related purposes.
• The display or transmission of sexually oriented material is prohibited. Other prohibited uses include, but are not limited to, ethnic slurs, racial or other off-color jokes or remarks, game playing, or anything that may be considered harassment or expressing disrespect for others.
• Employees are not to engage in other employment activities while on duty. Conducting personal business or otherwise performing other employment activities using computers is prohibited.
• All information in state computers, including but not limited to e-mail transmittals, is subject to inspection by appropriate management at any time. No employee has a privacy interest in any information contained in a state computer.
Passwords
Express Yourself!
• Be creative in choosing passwords
  – Use at least 8 characters in your password
    • The bigger they are the harder it is to make them fall
  – Use numbers and special characters in your password
    • Special Characters: !@#%&*?$
  – Use phrases to create your password
    • It’s a beautiful day in the neighborhood: 1@bD1tn!
  – Pick a verse of your favorite song…
    • I want to be a number one: Iw2b@#1!
Password Reset
E-Mails
Fear The Unknown!
• Don't open email attachments from unknown sources.
  – Be suspicious of any unexpected email
  – If it comes from outside and you don’t know the sender, delete it. Curiosity has its place!
  – If it comes from the inside and looks suspicious contact the person and verify they sent it
    • If they didn’t send it, notify the information security office or the helpdesk 1-800-764-1017.
• Don’t visit inappropriate web sites
Internet
Internet Security and Use
• DHR has Internet services to support the advancement of business goals and objectives.
• Use of computer resources and networks must be business-oriented.
• Internet access is monitored and recorded.
• Each use of the internet must be able to withstand public scrutiny without embarrassment to DHR or the State of Georgia.
• Limited personal use is acceptable and is subject to the same acceptable usage policies.
• Users must not access inappropriate sites.
• Accessing sites with offensive material is prohibited.
• Remember the Internet is not private. Any site on the Internet can trace you to your name and location.
Some Examples of Inappropriate Internet Usage
• Illegal activities
• Wagering or betting
• Harassment and illegal discrimination
• Commercial activities (e.g., personal for-profit business activities)
• Promotion of political or religious positions or activities
• Receipt, storage or transmission of offensive, racist, sexist, obscene or pornographic information
• Downloading software (including games, wallpaper, weather programs and screen savers) unless agency sanctioned (and installed by DHR Technical Support)
• Use by individuals other than state employees
• Chat sessions or bulletin boards, unless business related
• Online/Streaming - Music, videos, News/Entertainment
Cover Your Tracks!
• Don’t leave sensitive information lying around.
  – Always lock your PC screen when you are leaving your work area
    • 3 finger salute (Ctrl+Alt+Del)
  – Perform a perimeter check at the end of the day
    • Lock away papers containing sensitive information
    • Shut down your computer
    • Make sure no sensitive information is exposed
Shred and Forget It!
• We are required to properly dispose of data that is of no more use, regardless of the media type.
  – Overwrite
    • DOD Standard 5220.22-M
  – Degauss
    • Electromagnetic cleansing
  – Destroy
    • Physical destruction of the media
We Are Our Brother’s Keeper!
• Information Security is everyone’s responsibility.
  – It’s part of your job function
  – Federal, State, & DHR mandates require that we protect this sensitive information
  – Failing to abide by these mandates is punishable by fine and/or imprisonment
    • Could cost the state money and embarrassment
    • Could cost constituents money and embarrassment
    • Could cost you money, embarrassment and freedom
Stay Mindful!
So, always be mindful of your responsibility as it pertains to sensitive information that the State has entrusted you with and enjoy a long and prosperous career here at DHR.
DHR Helpdesk
1-800-764-1017