FFY2010 EAP Annual Training, Section 2.0 Risk Management
August 12 & 13, 2009, St. Cloud, Minnesota, Holiday Inn
Includes Risk Assessment, Risk Mitigation (Dup Check), Data Practices, Debtor Exemption Claim Notice and Security
PowerPoint PPT Presentation, 79 slides

Transcript of FFY2010

1
FFY2010 EAP Annual Training
August 12 & 13, 2009
St. Cloud, Minnesota, Holiday Inn
Section 2.0 Risk Management
Includes Risk Assessment, Risk Mitigation (Dup Check), Data Practices, Debtor Exemption Claim Notice and Security

2
2. Risk Management
Involves identifying priority activities within the organization for risk assessment by considering areas that materially impact the financial position and results of operations (e.g., assets, liabilities, revenues, expenses or expenditure account balances that are material in dollar amount)
Risk Management

3
Risk Management Introduction
Major part of ICF
Local, regional and natural disaster and technical failure planning are only a part of risk management
Focus is on managing the risk of improper use of public funds
This year the concept was introduced into the Local Plans
• Looking for a single, not a home run this year
• Build on this each year

4
What is Risk Management?
Lessening adverse impact if a risk event occurs is the heart of good risk management
Assuring events do not result in disaster
It is geared towards potential events that may occur when things are different from planned, sometimes called omissions and errors
Above & Beyond Program Design: Core EAP design addresses risk with controls, policies, technical support (eHEAT), segregation of duties & monitoring of services and financial activities. EAP has controls to reduce the possibility of the actions of an individual creating an incident, error or fraud.
Service Providers create detailed plans for their activities to assure, among other things, segregation of duties & backup plans in case of loss of staff.

5
Risk Management
Risk management involves:
• Determining
• Assessing
• Planning
• Monitoring
• Mitigating

6
EAP Role In Risk Management
General Expectations
• Acknowledge your responsibility to design, implement & maintain the control structure
• Contribute direction to identify, prioritize and review risks and controls
• Remove obstacles for compliance; remedy control deficiencies
• Conduct self-assessment & testing to monitor the controls within your processes
• Routinely (quarterly):
– confirm key controls are implemented and effective
– maintain documentation to support this assessment
Immediate Action Items
• Educate your personnel about this effort
• Reinforce internal focus on controls within your area
• Surface any risks, concerns or issues promptly to allow adequate attention for correction
• Fix control gaps as soon as possible

7
Risk Considerations
Evaluate the nature & types of errors & omissions that could occur, i.e., “what can go wrong”
Consider significant risks (errors and omissions) that are common in the industry or have been experienced in prior years (ex.: Mich, Penn)
Information Technology risks (i.e., access, backups, security, data integrity, non-segregation of duties)
Areas where segregation of duties would reduce risk
Volume, size, complexity and homogeneity of the individual transactions processed through a given account or group of accounts (revenue, receivables)
Susceptibility to error or omission as well as manipulation or loss
Robustness versus subjectiveness of the processes for determining significant estimates
Extent of change in the business and its expected effect
Other risks extending beyond potential material errors or omissions in the financial statements

8
Risk Considerations
Consider a railroad crossing and developing appropriate controls:
• A rural road with little traffic & a slow train: a sign
• A busier road & a faster train: add lights & a crossing sign at the tracks
• Very busy, train is flying and school buses cross: crossing gates

9
Risk Management Mechanics
The risk assessment tool reduces risk when used to identify, assess, plan for & maintain routine monitoring of risk areas

10
Risk Management Mechanics
Matrix columns: Uncertainty Item | Result of Occurrence | Probability of Occurrence | Severity of Impact | Response | Indicators

What (each column means):
• Uncertainty Item: geared towards events that may occur when things are different from planned, sometimes called omissions and errors.
• Result of Occurrence: narrative of the outcomes if the event occurs.
• Probability of Occurrence: designate likelihood of the event and, if helpful, a description of why the probability was selected.
• Severity of Impact: designate a level of impact if the event occurred. If applicable, a description of why the level was selected.
• Response: describes what to do when you find out.
• Indicators: describes how the event becomes known.

Railroad crossing example:
• Uncertainty Item: drive around gates.
• Result of Occurrence: calculate damage. School bus is very sad & bad publicity.
• Probability of Occurrence: people in this county go around.
• Severity of Impact: slow train, low impact injury.
• Response: on a rural road the injuries might be measured by EMT response time. Maybe different preparedness for different users (bus & tanker rules).

How (filling in each column):
• Uncertainty Item: 1. Brainstorm with staff 2. Reduce list 3. Assess using this matrix. This is iterative, so change or eliminate as you learn 4. Review periodically
• Result of Occurrence: describe what happens. Be as complete as possible. This helps to determine severity, response and indicator.
• Probability of Occurrence: can use a rating of High, Medium and Low with narrative prose.
• Severity of Impact: can use a rating of High, Medium and Low with narrative prose.
• Response: key the response off Result, Probability & Impact. Depending on combinations, responses include: 1. Prevent 2. Check Routinely 3. Response Plan
• Indicators: identify ways the event is discovered & develop ways to monitor if weaknesses are discovered. Enact these measures.

11
Item Example: Uncertainty Item
Matrix Cell: Direct Payments to household. Direct payments remove a check point from normal EAP controls by removing vendor registration and vendor cross checks. Could include an application processor fabricating households. If combined with falsifying households for application, multiple direct payments could be generated.
Considerations: Programmatic controls place limits, but risk still exists. Risk management looks at the items beyond the limits. EAP accepts limited risks, but this assures due diligence is done for the omissions.
Program Controls: EAP pays the energy vendor. DOF, DOC & eHEAT registration. Vendors and households get notification. Policy: Households may receive direct payments when payment to vendors is difficult:
1. Self-cut wood: receive amount remaining after benefit is distributed
2. Households with electric and heat included in the rent
3. Households with heat included in rent, and only exceeds their electric costs
4. Households whose vendors refused to sign the vendor agreement
5. Households unable to secure a vendor

12
Item Example: Result of Occurrence
Matrix Cell:
• Household receives one or more cash benefit
• Benefit is used for non-intended purposes or misused by household
• Very bad publicity for program affects services to others in need, when 5 Eye Witness News reports people cashing it at local bar
• Multiple direct payments by one person would result in services not available for other households in need
Considerations: Thinking of results is also constrained by the program rules

13
Item Example: Probability of Occurrence
Matrix Cell: Low to Medium. For a single household: Medium. For conspiracy with an Application Processor: Low.
Considerations: Conspiracy reduces the probability, but this must be considered with the ease, the payback and the penalty:
- A higher payback makes it more worth the risk
- Conspiracy makes it complicated to keep secret
In this example:
For the household:
- The penalty is low
- The payback is medium considering the penalty
For the Application Processor:
- Penalties are high (job)
- Payback is higher

14
Item Example: Severity of Impact
Matrix Cell:
• Low to Medium
• For a single household: Low
• For conspiracy with an Application Processor: high
Considerations: Low because of limits on benefit amounts, unless multiple

15
Item Example: Response
Matrix Cell:
• Require accounts whenever possible
• Recover funds when it occurs
• File Incident Report
• Investigate incident and escalate appropriately (Error and Fraud)
• Terminate staff if involved
Considerations: Plan for the response and educate people

16
Item Example: Indicators
Matrix Cell:
• Report from concerned citizen
• Pattern of direct payments to similar addresses, names etc. (data analysis)
• An inordinate amount of direct payments for an SP without socio-economic reason (eHEAT data)
• Inordinate number of direct payments from a particular Application Processor (files and eHEAT)
Considerations: The first bullet is a common way to hear about this, but developing ways to monitor is the maturation of risk management
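The three data-analysis indicators above can be run as routine queries instead of waiting for a citizen report. What follows is an added example, not code from the presentation, DOC or eHEAT: the record layout, the field names, the thresholds and the sample rows are all constructed assumptions for illustration.

```python
"""Indicator checks for direct payments to households.

Added example; not code from the presentation, DOC or eHEAT. The record
layout, field names, thresholds and sample rows below are constructed
assumptions for illustration only.
"""
import re
from collections import Counter, defaultdict

# Constructed sample of direct (non-vendor) payments: one row per payment.
# "sp" is the service provider, "processor" the application processor id.
DIRECT_PAYMENTS = [
    {"hh": "100001", "name": "Carol Numberswitch", "addr": "3828 Liar Ave S",
     "sp": "SP-A", "processor": "ap01"},
    {"hh": "100002", "name": "Carol Numberswitch", "addr": "3828 LIAR AVE S.",
     "sp": "SP-A", "processor": "ap01"},
    {"hh": "100003", "name": "Spacey Elroy", "addr": "1410 Gerryrig Ave 2",
     "sp": "SP-A", "processor": "ap01"},
    {"hh": "100004", "name": "Wanda Trickyberger", "addr": "4208 12th Ave S",
     "sp": "SP-B", "processor": "ap07"},
    {"hh": "100005", "name": "Ernest Example", "addr": "9 Pine St",
     "sp": "SP-B", "processor": "ap07"},
    {"hh": "100006", "name": "Pat Sample", "addr": "12 Oak St",
     "sp": "SP-C", "processor": "ap11"},
]

# Constructed count of all payments (vendor and direct) per service provider,
# the denominator for judging whether an SP's direct-payment share is out of line.
TOTAL_PAYMENTS_BY_SP = {"SP-A": 6, "SP-B": 40, "SP-C": 50}


def normalize(text):
    """Lower-case and collapse punctuation/whitespace so near-identical
    names and addresses compare equal ("3828 LIAR AVE S." == "3828 Liar Ave S")."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def repeated_identities(payments):
    """Indicator: pattern of direct payments to similar addresses or names.

    Returns {(field, normalized value): [household numbers]} for every name or
    address that appears on more than one household."""
    seen = defaultdict(set)
    for p in payments:
        seen[("name", normalize(p["name"]))].add(p["hh"])
        seen[("addr", normalize(p["addr"]))].add(p["hh"])
    return {key: sorted(hhs) for key, hhs in seen.items() if len(hhs) > 1}


def sp_direct_share(payments, totals, max_share=0.25):
    """Indicator: an inordinate amount of direct payments for one SP.

    Flags SPs whose direct payments exceed max_share of all their payments.
    The threshold is an assumption; a flagged SP still needs its
    socio-economic context checked by a person."""
    direct = Counter(p["sp"] for p in payments)
    flagged = {}
    for sp, total in totals.items():
        share = direct[sp] / total if total else 0.0
        if share > max_share:
            flagged[sp] = round(share, 2)
    return flagged


def processor_concentration(payments, max_count=2):
    """Indicator: an inordinate number of direct payments from one
    application processor (the count threshold is an assumption)."""
    counts = Counter(p["processor"] for p in payments)
    return {ap: n for ap, n in counts.items() if n > max_count}


def review_queue(payments, totals):
    """Bundle every triggered indicator into one structure for follow-up."""
    return {
        "repeated_identities": repeated_identities(payments),
        "sp_direct_share": sp_direct_share(payments, totals),
        "processor_concentration": processor_concentration(payments),
    }


if __name__ == "__main__":
    for indicator, hits in review_queue(DIRECT_PAYMENTS, TOTAL_PAYMENTS_BY_SP).items():
        print(indicator, hits)
```

Each function returns only what it flagged, so the output is a review queue rather than a finding: the program rules on the earlier slides that legitimately allow direct payments still have to be applied by a person before any incident report is filed.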

17
Risk Management Example
Uncertainty Item: Direct Payments to household. Direct payments remove a check point from normal EAP controls by taking away vendor registration and vendor cross checks. Could include an application processor fabricating households. If combined with falsifying households for application, multiple direct payments could be generated.
Result of Occurrence:
• Household receives one or more cash benefit
• Benefit is used for non-intended purposes or misused by household
• Very bad publicity for program affects services to others in need, when 5 Eye Witness News reports people cashing it at local bar
• Multiple direct payments by one person would result in services not available for other households in need
Probability of Occurrence: Low to Medium. For a single household: Medium. For conspiracy with an Application Processor: high, but conspiracy requires more risk of secrecy and penalty.
Severity of Impact: Low to Medium. For a single household: Low. For conspiracy with an Application Processor: high, especially with multiple households.
Response: Limit occurrences of direct payments by having the system distribute to the next available vendor. For risk areas: require accounts whenever possible; recover funds when it occurs; file Incident Report; investigate incident and escalate appropriately (Error and Fraud); terminate staff if involved.
Indicators: Report from concerned citizen; pattern of direct payments to similar addresses, names etc. (data analysis); an inordinate amount of direct payments for an SP without socio-economic reason (eHEAT data); inordinate number of direct payments from a particular Application Processor (files and eHEAT).

18
Risk Management and EAP
The Local Plan requires risk assessment. The State has started to conduct formal risk assessment.
State & Service Providers identify risk and use program-specific knowledge to do diligent planning, monitoring and actions for these risks.
The State will continue to develop risk management requirements and practices. Examples include:
• Duplication Checks and other queries
• The FFY2010 Local Plan is a first step in formalizing the SP process
• SPs should design practices to improve it
• DOC will support the development of competency in this area
• DOC will conduct risk management activities

19
Dup Check
Dup Check is not a Russian hockey player
Dup Check is not a quality control effort
Dup Check is a risk mitigation activity
EAP must do due diligence on risk areas to assure responsible management of public funds

20
Why Dup Check on Vendor Accounts?
Payments to vendor accounts are the main way money flows.
Using the vendor account number as a key, there are cross checks with other data:

HH_NBR | FIRST_NM | LAST_NM | SSN | DOB | CUST_ACCT_NM | VNDR_NM | HOUSE_NBR | STREET | APT_NBR | CUST_ACCT_NBR
111111 | CAROL | NUMBERSWITCH | 717449103 | 16-Feb-51 | CAROL NUMBERSWITCH | CPE | 3828 | LIAR AVE S | <null> | 1111111
888888 | CAROL | NUMBERSWITCH | 414779103 | 16-Feb-51 | CAROL NUMBERSWITCH S | CPE | 3828 | LIAR AVE | <null> | 1111111
222222 | SPACEY | EL ROY | 472111111 | 03-Jul-58 | SPACEY ELROY | CPE | 1410 | GERRYRIG AVE | 2 | 2222222
999999 | TOUHY SHAM | ELROY | 475222222 | 06-Dec-82 | SPACEY EL ROY | CPE | 1410 | GERRYRIG AVE | 1 | 2222222
333333 | WANDA | TRICKYBERGER | 472111111 | 24-Oct-68 | ERNEST TRICKYBURGER | CPE | 4208 | 12TH AV S | <null> | 3333333
666666 | WANDA | TRICKYBERGER | 475222222 | 24-Oct-68 | WANDA TRICKYBERGER | CPE | 4208 | 12TH AVE S | <null> | 3333333

21
Dup Check Procedure for FFY2010
Overview: DOC will periodically produce a matching account numbers list (early & often to keep the effort sizable). SPs will receive a secure email with their list. The SP investigates by performing the following processes:
1. Analyze & validate that the reason for the match is correct
2. Escalate as needed (detail in the following slides)
3. Take appropriate corrective action
4. Document results and report

22
Dup Check Procedure for FFY2010
Step 1: Validate the Reason for Match Is Correct
• If you know a valid reason for the duplication, enter the reason for the duplicate vendor account number on the spreadsheet
• Look at the paper application and file. Determine the probable reason and escalate appropriately.
• Ask household(s) to explain the occurrences if appropriate and record the finding in the list
Examples: One household moved out and now rents the house to a relative who applied for EAP. Building has multiple units with one landlord account.

23
Dup Check Procedure for FFY2010
Step 2: Duplicate Application Error
• Take corrective action including recalling funds
• Close duplicate applications
• Record an explanation of your determination on the spreadsheet

24
Dup Check Procedure for FFY2010
Step 3: Duplicate Application – Fraud Suspected
• Review previous years and review all the information provided
• Take corrective action including recalling funds
• Submit an incident report
• Close duplicate applications
• Record an explanation on the spreadsheet
• Investigate fraud, report to officials and follow EAP Policy Manual Chapter 17

25
Dup Check Procedure for FFY2010
Step 4: Return list with validation or actions to DOC
• The completed list (Excel spreadsheet) with explanations is due at [email protected]
• A deadline will be prescribed. DOC tracks compliance.
• Delete the household’s private data (name, SSN, address, vendor account name) before returning the spreadsheet.
• Contact your EAP field representative if you have any questions.
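Two parts of this procedure are mechanical: producing the matching account numbers list from data like the sample table on the "Why Dup Check on Vendor Accounts?" slide, and stripping the private data in Step 4 before the spreadsheet goes back to DOC. The following is an added example, not code from the presentation, DOC or eHEAT. The column names and rows are the slide's own fictitious sample; the match keys, the added REASON column, the list of private fields and the CSV layout are assumptions made here.

```python
"""Duplicate vendor-account check with private-data redaction for the return trip.

Added example; not code from the presentation, DOC or eHEAT. The column
names follow the slide's sample table and the rows are the slide's own
fictitious data. The match keys, the added REASON column, the list of
private fields and the CSV layout are assumptions made here.
"""
import csv
import io
from collections import defaultdict

COLUMNS = ["HH_NBR", "FIRST_NM", "LAST_NM", "SSN", "DOB", "CUST_ACCT_NM",
           "VNDR_NM", "HOUSE_NBR", "STREET", "APT_NBR", "CUST_ACCT_NBR"]

# Fictitious rows from the slide; None stands for the slide's <null>.
ROWS = [
    ("111111", "CAROL", "NUMBERSWITCH", "717449103", "16-Feb-51",
     "CAROL NUMBERSWITCH", "CPE", "3828", "LIAR AVE S", None, "1111111"),
    ("888888", "CAROL", "NUMBERSWITCH", "414779103", "16-Feb-51",
     "CAROL NUMBERSWITCH S", "CPE", "3828", "LIAR AVE", None, "1111111"),
    ("222222", "SPACEY", "EL ROY", "472111111", "03-Jul-58",
     "SPACEY ELROY", "CPE", "1410", "GERRYRIG AVE", "2", "2222222"),
    ("999999", "TOUHY SHAM", "ELROY", "475222222", "06-Dec-82",
     "SPACEY EL ROY", "CPE", "1410", "GERRYRIG AVE", "1", "2222222"),
    ("333333", "WANDA", "TRICKYBERGER", "472111111", "24-Oct-68",
     "ERNEST TRICKYBURGER", "CPE", "4208", "12TH AV S", None, "3333333"),
    ("666666", "WANDA", "TRICKYBERGER", "475222222", "24-Oct-68",
     "WANDA TRICKYBERGER", "CPE", "4208", "12TH AVE S", None, "3333333"),
]
RECORDS = [dict(zip(COLUMNS, row)) for row in ROWS]

# Private data that must not leave the SP on the returned spreadsheet (Step 4).
PRIVATE_FIELDS = {"FIRST_NM", "LAST_NM", "SSN", "DOB", "CUST_ACCT_NM",
                  "HOUSE_NBR", "STREET", "APT_NBR"}


def _households_sharing(records, key_fn):
    """Group household numbers by key_fn(record); keep keys used by 2+ households."""
    groups = defaultdict(set)
    for r in records:
        groups[key_fn(r)].add(r["HH_NBR"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def matching_accounts(records):
    """The DOC matching list: one vendor account number on several households.
    The key includes the vendor, since account numbers are only unique per vendor."""
    return _households_sharing(records, lambda r: (r["VNDR_NM"], r["CUST_ACCT_NBR"]))


def shared_ssn(records):
    """A second cross check on the same data: one SSN on several households."""
    return _households_sharing(records, lambda r: r["SSN"])


def matching_list(records):
    """Rows the SP receives: every record on a matched account, plus an empty
    REASON column to fill in during Step 1."""
    matched = matching_accounts(records)
    return [dict(r, REASON="") for r in records
            if (r["VNDR_NM"], r["CUST_ACCT_NBR"]) in matched]


def redact_for_return(rows):
    """Step 4: strip the private fields before the spreadsheet goes back to DOC."""
    return [{k: v for k, v in row.items() if k not in PRIVATE_FIELDS} for row in rows]


def to_csv(rows):
    """Serialise rows to CSV text (a stand-in for the Excel spreadsheet)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print("matched accounts:", matching_accounts(RECORDS))
    print("shared SSNs:", shared_ssn(RECORDS))
    print(to_csv(redact_for_return(matching_list(RECORDS))))
```

On the slide's sample every vendor account number is shared by two households, and the SSN cross check surfaces a second pattern the account match alone would miss: the same SSN on household 222222 and 333333, and again on 666666 and 999999. The returned CSV keeps only the household number, vendor, account number and the SP's reason, which is exactly the set Step 4 allows to travel back.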

26
Dup Check Procedure for FFY2010
Best & Other Practice
• Applications with the same vendor for Heat & Electric should list the vendor once, choosing heat and electric as the vendor type. Less likely to get false positives for risk and best for application processing.
• Need to report issues and non-issues. As a program we need to assure we have done due diligence to protect the integrity of the program.
• A late report will result if you don’t respond to the request.

27
Data Practices in the EAP Manual
Chapter 19. DATA PRACTICES AND RECORDS, p. 120

28
Chapter 19. DATA PRACTICES AND RECORDS
Data Practices Policies and Procedures, Private Data
• Who has access
• Who does not
• Must be released to the individual or to a 3rd party with consent
Social Security Number for EAP Applications
• Optional

29
Chapter 19. DATA PRACTICES AND RECORDS
Application Documentation, p. 122
• Where and how to save application documentation
Security Of Records, p. 123
• List of requirements to secure records
Records Accessibility, p. 124
• What it means to have access to records
• Reasons for maintaining access to records
Record Retention Requirements, p. 124
• Records to retain

30
Informed Consent For Release Of Information
Informed consent is needed when the information will be given or sent to a third party.
• Example: Garnishment information requests often go to an attorney
“Informed consent” are key words that need to be taken at face value
• The statute is very specific about what must be included in an informed consent request

31
Data Practices Focus
Develop a good working relationship with the data practices contact in your agency, if there is one
Plan: have a written policy
• Who will have authority to see private data
• Who will have authority to release private data
• How your agency will maintain data security in all situations
• How you will request private data and document the request
• How you will maintain documentation of requests for private data
• How you will train staff on data privacy requirements
Use centralized authority in the agency, if any
Centralize authority in EAP, if possible

32
Plan: Local Procedures Needed
To request information allowed by the application consent, so the request is done in a consistent manner and so each request is documented
Best practice is for the local procedures to use a form for requesting information by letter or e-mail and a format for documenting a request by telephone

33
Minnesota Department of Administration, Information Policy Analysis Division (IPAD)
The State authority on Data Practices
“If you have questions about information policy laws, including Minnesota’s Data Practices Act and the Open Meeting Law, you’re at the right place. Look over the resources on this website or give us a call.” (Copied from IPAD website)
http://www.ipad.state.mn.us

34
New Technology – New Data Practices
Laptop Security
Imaging Equipment
• Data access
• Data storage
• Data retrieval and back-up
• Best Practice: before destroying paper documents
– Make sure it all works
– Every imaged document is accessible and readable
– No problems exist regarding record retention

35
Electronic Records Management Guidelines
Recommended by IPAD
• Minnesota Historical Society
– home page: http://www.mnhs.org/index.htm
– http://www.mnhs.org/preserve/records/electronicrecords/erintro.html
Imaging/scanning and storage of household files
• Which Minnesota laws apply to electronic records?
• How do we use electronic records to help ensure public accountability while ensuring that not-public records are protected?
• Who is responsible for developing our electronic records management strategy?
• How do we dispose of electronic records?
• Should we manage our electronic records differently from our paper records?
• How do we know what information is an electronic record?
• Is an electronic copy of a record an acceptable substitute for the original?
• Does an electronic record have the same legal significance as a paper record?

36
eHEAT Security and Agreements
Levels of authority
• State Data Base Administrator
• Local (or vendor) eHEAT Administrators
– Administrative Change Process, Chapter 3, p. 16
• Local (or vendor) users
Agreements (annual)
• See EAP Tools on website www.energy.mn.gov

37
Summary of Data Practices
Staff should know:
• What private data is and how it relates to EAP
• What data they can reveal and what they need to do to assure they aren’t violating data privacy
• How to document information they have revealed
Staff with authority to release private data should know:
• All of the above
• The SP-approved processes for following up on data requests
Agency management should:
• Support the data practices activities with knowledge and practical resources

38
Debtors Exemption Claims

39
Debtors Exemption Claims (Issue)
Collection firms are asking for information beyond what the manual states that we have to tell them
They are saying that unless we tell them when payments were made, they will not honor the garnishment exemption (sometimes people lie)
We need a universal form that gives only the information that they need

40
Debtor’s Exemptions Claims (Solution)
You don’t need to be experts in the law but you do need to know and understand it
There were changes made to the law for 2009
Garnishment firms need to be told EAP rules and timelines by you; you are the EAP expert!

41
Debtors Exemption Claims
Many of you may have already seen these requests
A household is being pursued to pay a debt by a third-party collection agent that may or may not be an attorney
The collection agents use tools like garnishment of wages and levies, aka “freezing” of the bank accounts
The law provides certain protections of some or all of their money in certain situations, for certain people
The form used to claim these protections is called an “Exemption Notice”

42
Debtors Exemption Claims
Some or all of their money is protected if:
• The source of the money is government benefits such as Social Security benefits; unemployment benefits; workers' compensation; or veterans benefits
• They currently receive other assistance based on need
• They have received government benefits in the last six months
• They were in jail or prison in the last six months
Some or all of their earnings (wages) are protected if:
• They get government benefits (see list of government benefits)
• They currently receive other assistance based on need
• They have received government benefits in the last six months
• They were in jail or prison in the last six months

43
Debtor’s Exemptions Claims Law
The legislation, which will become effective on Aug. 1, 2009, updates the exemption process and makes technical changes to the current law
The legislation modifies legal requirements regarding levies and garnishments and expedites the process for both the creditor and debtor, and makes the following revisions to the current garnishment law:
• Modifies the process;
• Updates forms;
• Creates a new notice of intent to garnish;
• Alters the exemption form and creditor’s exemption form; and
• Adjusts timing requirements.
It does not change the intent of existing law or impact current or future case law (quote from the new law)

44
Debtors Exemption Claim Laws
Website: MN Office of the Revisor of Statutes
• Index of the laws relating to Fuel Assistance in MN: https://www.revisor.leg.state.mn.us/statutes/?topic=202092
• Address of the website with the new law: https://www.revisor.leg.state.mn.us/laws/?id=31&doctype=chapter&year=2009&type=0

45
Debtor’s Exemption Claim Form
Section 1. Minnesota Statutes 2008, section 550.143, is amended to read:
550.143 LEVY ON FUNDS AT A FINANCIAL INSTITUTION.
Form of notice. The notice required by subdivision 3 must be provided as a separate form and must be substantially in the following form:
EXEMPTION FORM
• HOW MUCH MONEY IS PROTECTED.....
• I claim ALL of the money being frozen by the bank is protected......
• I claim SOME of the money is protected. The amount I claim is protected is $.......

46
Debtor’s Exemption Claim Form
WHY THE MONEY IS PROTECTED
My money is protected because I get it from one or more of the following places: (Check all that apply).....
Government benefits include, but are not limited to, the following: MFIP - Minnesota family investment program, MFIP Diversionary Work Program, Work participation cash benefit, GA - general assistance, EA - emergency assistance, MA - medical assistance, GAMC - general assistance medical care, EGA - emergency general assistance, MSA - Minnesota supplemental aid, MSA-EA - MSA emergency assistance, Food Support, SSI - Supplemental Security Income, Minnesota Care, Medicare part B premium payments, Medicare part D extra help, Energy or fuel assistance.

47
Debtor’s Exemption Claim Form
Government benefits also include:..... Social Security benefits..... Unemployment benefits..... Workers' compensation..... Veterans benefits
If you receive any of these government benefits, include copies of any documents you have that show you receive Social Security, unemployment, workers' compensation, or veterans benefits......
Other assistance based on need: You may have assistance based on need from another source that is not on the list. If you do, check this box, and fill in the source of your money on the line below:
Case Number:..... County: ... Source: ..... Include copies of any documents you have that show the source of this money.
Some of your earnings (wages) are protected

48
Debtor’s Exemption Claim Form
OTHER EXEMPT FUNDS
The money from the following are also completely protected......
• An accident, disability, or retirement pension or annuity.....
• Payments to you from a life insurance policy.....
• Earnings of your child who is under 18 years of age.....
• Child support…
• Money paid to you from a claim for damage or destruction of property… Property includes household goods, farm tools or machinery, tools for your job, business equipment, a mobile home, a car, a musical instrument, a pew or burial lot, clothes, furniture, or appliances......
• Death benefits paid to you

49
Debtor’s Exemption Claim Form
I give permission to any agency that has given me cash benefits to give information about my benefits to the above-named creditor, or its attorney.
The information will ONLY concern whether I get benefits or not, or whether I have gotten them in the past six months.
If I was an inmate in the last six months, I give my permission to the correctional institution to tell the above-named creditor that I was an inmate there.
There are additional instructions and timelines in the new law that I did not include here, but I would encourage you all to take a look at them so you’re familiar.

50
Debtor’s Exemption Claims and EAP
A person's wages are exempt if they currently receive need-based aid, or have been a recipient within the last 6 months
Households are now required to provide bank statements with the exemption notices
The creditor is looking for some proof that the debtor currently receives EAP or was a recipient in the last 6 months
• Will need additional help from us unless they received a direct payment
• A benefit statement from us will suffice
So, here’s what you need to do:
• The new export will contain information on payments and dates
• Redact what is unnecessary (payment amounts)
• If they demand more you can refer them to the state

51
Debtor’s Exemption Claims and EAP
You are the EAP experts
You have the support of DOC, and our timelines for eligibility are clearly documented in our EAP policy manual
Once determined eligible, a household is eligible until the end of the program year (September 30)
They are still protected for 6 months after they last received assistance

52
Debtor’s Exemption Claim Notice
The “Debtor’s Exemption Claim Notice” is a type of Informed Consent form (Appendix 19B) and will be updated to reflect the new statutes
New template letter for providing the information that will meet the legal requirements and reflect EAP policy guidelines

53
Data Security and You!
Richard Gooley, Chief Information Security Officer, Minnesota Department of Commerce

54
Data Security and You!

55
Executive Summary
Be cyber smart: Sec rity needs U!
Security is everyone’s responsibility
Security doesn’t need to be intimidating
Security doesn’t have to cost an arm and a leg

56
Agenda
7 Top Tips for Keeping Your Data Secure
1. Identify and guard sensitive information
2. Create bulletproof passwords
3. Use secure email
4. Protect your computer
5. Keep your computer patched
6. Properly dispose of information no longer needed
7. Be mindful of social engineering
Excellent Resources for Free Stuff!
Questions and Discussion

57
7 Top Tips for Keeping Your Data Secure *
* aka “How to Keep Out of Current Events”

58
7 Top Tips for Keeping Your Data Secure
Tip 1: Identify and guard sensitive information
Dumpster diving
What sensitive information do you work with?
• Social Security Number
• Addresses
• Children
• Household income
• Private financial information

59
7 Top Tips for Keeping Your Data Secure
Tip 2: Create bulletproof passwords
Weak passwords are all too common
• They are easy for users to remember.
• They include personal information about the user.
• They consist of known words found in many hacker password dictionaries.

60
7 Top Tips for Keeping Your Data Secure
Examples of bulletproof passwords
• eX@mp13s0f
• Bu!1e7Pr0of
• Do you know my address?
– DUKma?45410akland
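The three weaknesses on the previous slide (easy to remember, built from personal information, made of dictionary words) can be turned into checks a practitioner runs against a candidate password. The following is an added example, not from the presentation; the minimum length, the character-class rule, the small word list and the repeated-character rule are assumptions chosen here, not an agency policy. The slide's sample passwords pass these checks, while a dictionary word plus a year fails even when every character class is present.

```python
"""Password checks in the spirit of Tip 2.

Added example; not from the presentation. The rules (minimum length, at
least three character classes, no common dictionary word, no personal
terms, no run of repeated characters) and the tiny word list are
assumptions chosen here, not an agency policy.
"""
import re
import string

# Constructed stand-in for the "hacker password dictionaries" the slide mentions.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer",
                "winter", "minnesota", "admin", "football"}


def character_classes(pw):
    """Count how many of lower, upper, digit and punctuation appear in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def contains_common_word(pw):
    """True if a dictionary word is embedded anywhere in pw, ignoring case."""
    low = pw.lower()
    return any(word in low for word in COMMON_WORDS)


def weaknesses(pw, personal_terms=()):
    """Return the reasons pw fails; an empty list means it passes.

    personal_terms are things about the user an outsider could learn
    (name, street, pet); any of them appearing in pw counts as a weakness."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if character_classes(pw) < 3:
        problems.append("fewer than 3 character classes")
    if contains_common_word(pw):
        problems.append("contains a common dictionary word")
    low = pw.lower()
    for term in personal_terms:
        if len(term) >= 4 and term.lower() in low:
            problems.append(f"contains personal information: {term}")
    if re.search(r"(.)\1\1", pw):
        problems.append("repeats one character three times in a row")
    return problems


def is_strong(pw, personal_terms=()):
    """Convenience wrapper: True when weaknesses() finds nothing."""
    return not weaknesses(pw, personal_terms)


if __name__ == "__main__":
    for candidate in ["eX@mp13s0f", "Bu!1e7Pr0of", "password1", "Summer2009!"]:
        print(candidate, weaknesses(candidate) or "passes these checks")
```

The personal_terms argument is what addresses the second weakness on the previous slide: a checker that knows the user's name or street can reject a password built from them even when it satisfies every length and character-class rule.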

61
7 Top Tips for Keeping Your Data Secure
Tip 3: Use secure email
All email from The State containing private data will be sent using secure email
Method for retrieving secure email
• Use link in email to go to The State’s secure site
• Establish password
• Retrieve email and attachments
• Retain password for future use

62
Example of Secure email from The State

63
Establish/enter password

64
Retrieve email/attachment

65
Secure email
What is TLS encryption?
Transport Layer Security (TLS) is a standard protocol that is used to provide secure Web communications on the Internet or intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. TLS is the latest version of the Secure Sockets Layer (SSL) protocol.

66
Secure email – TLS encryption

67
7 Top Tips for Keeping Your Data Secure
Tip 4: Protect your computer (with your life!)
Where’s my laptop?

68
7 Top Tips for Keeping Your Data Secure
Tip 5: Properly dispose of information no longer needed
Where's that USB drive?

69
7 Top Tips for Keeping Your Data Secure
Tip 6: Keep your computer patched

70
Patch Management

71
7 Top Tips for Keeping Your Data Secure
Tip 7: Be mindful of social engineering
Know thy neighbor

72
“All I did was smile and they let me in the door”

73
Excellent Resources for Free Stuff!

74
https://www.act-online.net/

75
Business Continuity & Disaster Recovery

76
www.flu.gov

77
Excellent Resources for Free Stuff!
Tools to wipe drives when disposing of a computer: www.killdisk.com/ and www.diskwipe.org/
Free anti-virus protection for home use: www.free.avg.com/
Some Internet Providers offer free anti-virus

78
Excellent Resources for Free Stuff!
• www.act-online.net
• www.killdisk.com
• www.diskwipe.org
• www.free.avg.com
• www.msisac.org
Business continuity and Disaster Recovery
• www.disaster-recovery-guide.com
• www.flu.gov
• www.drj.com
• www.ready.gov

79
Conclusion
Security is everyone’s responsibility
Security doesn’t need to be intimidating
Security doesn’t have to cost an arm or a leg