GOOD INFORMATION SECURITY PRACTICES Keeping Sensitive Data Confidential Tim Thomas Region 6 Coordinator WCGRH LAN Engineer DHR/OIT


GOOD INFORMATION SECURITY PRACTICES

Keeping Sensitive Data Confidential

Tim Thomas

Region 6 Coordinator

WCGRH LAN Engineer

DHR/OIT

Page 2:

Office of Information Technology

DHR Helpdesk

1-800-764-1017

Page 3:

Keep A Lid On It!

• Keep private information confidential.
  – Some of you may be handling very sensitive data
    • People’s private health information
    • People’s private financial information
    • People’s private family information
  – Only share sensitive information with people who are authorized to know
  – That includes verbally, in writing and electronically

Page 4:

• GEORGIA DEPARTMENT OF HUMAN RESOURCES
• Human Resource/Personnel Policy #1205
• USE OF STATE PROPERTY
• EFFECTIVE DATE: June 1, 2003 RELEASE DATE: May 30, 2003
• REFERENCE: DHR Human Resource/Personnel Policy #1201 - Standards of Conduct and Ethics in Government
• State property is to be used for work-related reasons only. Employees are not to use, misuse or permit the use of State property for other than work-related reasons. State property includes, but is not limited to: computers, telephones, cellular phones, fax machines, copiers or other equipment, supplies, vehicles, work areas and furniture.

Page 5:

• Email, Internet and other computer tools and equipment are provided to employees for work-related reasons, and must be used for work-related purposes.

• The display or transmission of sexually oriented material is prohibited. Other prohibited uses include, but are not limited to, ethnic slurs, racial or other off-color jokes or remarks, game playing, or anything that may be considered harassment or expressing disrespect for others.

• Employees are not to engage in other employment activities while on duty. Conducting personal business or otherwise performing other employment activities using computers is prohibited.

• All information in state computers, including but not limited to e-mail transmittals, is subject to inspection by appropriate management at any time. No employee has a privacy interest in any information contained in a state computer.

Page 8:

Passwords

Page 9:

Express Yourself!

• Be creative in choosing passwords
  – Use at least 8 characters in your password
    • The bigger they are the harder it is to make them fall
  – Use numbers and special characters in your password
    • Special Characters: !@#%&*?$
  – Use phrases to create your password
    • It’s a beautiful day in the neighborhood: 1@bD1tn!
  – Pick a favorite verse of your song…
    • I want to be a number one: Iw2b@#1!

Page 10:

http://password.dhr.state.ga.us

[email protected]

Password Reset

Page 14:

E-Mails

Page 15:

Fear The Unknown!

• Don't open email attachments from unknown sources.
  – Be suspicious of any unexpected email
  – If it comes from outside and you don’t know the sender, delete it. Curiosity has its place!
  – If it comes from the inside and looks suspicious contact the person and verify they sent it
    • If they didn’t send it, notify the information security office or the helpdesk 1-800-764-1017.
• Don’t visit inappropriate web sites

Page 16:

Internet

Page 17:

Internet Security and Use

• DHR has Internet services to support the advancement of business goals and objectives.
• Use of computer resources and networks must be business-oriented.
• Internet access is monitored and recorded.
• Each use of the internet must be able to withstand public scrutiny without embarrassment to DHR or the State of Georgia.
• Limited personal use is acceptable and is subject to the same acceptable usage policies.
• Users must not access inappropriate sites. Accessing sites with offensive material is prohibited.
• Remember the Internet is not private. Any site on the Internet can trace you to your name and location.

Page 18:

Some Examples of Inappropriate Internet Usage

• Illegal activities
• Wagering or betting
• Harassment and illegal discrimination
• Commercial activities (e.g., personal for-profit business activities)
• Promotion of political or religious positions or activities
• Receipt, storage or transmission of offensive, racist, sexist, obscene or pornographic information
• Downloading software (including games, wallpaper, weather programs and screen savers) unless agency sanctioned (and installed by DHR Technical Support)
• Use by individuals other than state employees
• Chat sessions or bulletin boards, unless business related
• Online/Streaming - Music, videos, News/Entertainment

Page 19:

Cover Your Tracks!

• Don’t leave sensitive information lying around.
  – Always lock your PC screen when you are leaving your work area
    • 3 finger salute (ctrl+alt+del)
  – Perform a perimeter check at the end of the day
    • Lock away papers containing sensitive information
    • Shut down your computer
    • Make sure no sensitive information is exposed

Page 20:

Shred and Forget It!

• We are required to properly dispose of data that is of no more use, regardless of the media type.
  – Overwrite
    • DOD Standard 5220.22-M
  – Degauss
    • Electromagnetic cleansing
  – Destroy
    • Physical destruction of the media

Page 21:

We Are Our Brother’s Keeper!

• Information Security is everyone’s responsibility.
  – It’s part of your job function
  – Federal, State, & DHR mandates require that we protect this sensitive information
  – Failing to abide by these mandates is punishable by fine and/or imprisonment
    • Could cost the state money and embarrassment
    • Could cost constituents money and embarrassment
    • Could cost you money, embarrassment and freedom

Page 22:

Stay Mindful!

So, always be mindful of your responsibility as it pertains to sensitive information that the State has entrusted you with and enjoy a long and prosperous career here at DHR.

Page 23:

DHR Helpdesk

1-800-764-1017

Page 24:

GOOD INFORMATION SECURITY PRACTICES

Keeping Sensitive Data Confidential

Tim Thomas

[email protected]