Lesson 4 protection of information
-
Upload
fleur-ottaway -
Category
Technology
-
view
74 -
download
5
Transcript of Lesson 4 protection of information
![Page 1: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/1.jpg)
Security, Protection of Data, Information &
PasswordsCOMP2071
![Page 2: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/2.jpg)
Protection Of Data
Company Data:• Data that belongs to the company. Financial
Statements, etc.
Employee Data:• Data that belongs to the employee.
Employee evaluations, personal emails, etc.
Customer Data:• Data that is confidential in nature towards a
customer. SIN number, phone numbers, etc.
![Page 3: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/3.jpg)
Protection Of Data
• As the helpdesk analyst it is your job to assist in the protection of data at all levels
• You may be providing services that help other employees protect data or you may be the intermediary of the data
• No matter which type of data it is you need to understand your role is to not just provide data for no reason and without approval
• Don’t ever give out data or personal details to anyone but the owner
![Page 4: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/4.jpg)
Protection Of Data
• For example, if a manager requests access to an employees data you would need to specify what data (email, documents, etc.), then you would request the written approval of the manager of the requestor
• To truly cover all issues with granting access you may also be asked to get approval from the head of HR as well
• From there you may have to send your ticket to an Nth dept. or you may be able to grant access through the tools in the helpdesk
![Page 5: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/5.jpg)
Protection of Information
• Everything we talked towards rings true for protecting information as well
• The main thing to remember here, don’t give out any information that is not readily accessible to an employee already
• On the other side, don’t give out internal company information to any sales agents, vendors, or telemarketers that may call the helpdesk as well
• If in doubt, transfer the call to your second level or team lead
![Page 6: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/6.jpg)
Passwords
• Passwords are very important to keep confidential• If another employee got your password they could
logon as you and do illegal things such as fraud or even just watch porn which is grounds enough to be fired in some companies
• The users are asked to protect their password and it is their responsibility to do so
• That being said, users often will give their password to helpdesk staff as there is a feeling of “trust” there
• You as the helpdesk analyst will need to know that you should never know or ask a user for their password
![Page 7: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/7.jpg)
Passwords
• If users give their passwords to you or you reset a password without verifying the user, this can mean an audit failure for the whole helpdesk department which means your job will be on the line
• Most enterprise helpdesks will have some sort of mechanism and policy in place to verify a user for a password reset
• This can include secret questions, a users employee number, etc.
• You should never give a password through email• And final note, a new password should always be set to
expire
![Page 8: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/8.jpg)
Encryption
• Most enterprises will have some sort of encryption built into their architecture
• Some types of encryption you may support on the helpdesk is:– Encryption of data on a desktop or laptop especially.
Here the data would decrypt when the user logs in successfully
– USB encryption, where a user’s thumb drive would be encrypted when it plugs into a company device
– Encrypted email transmission– Blackberry or other company held devices
![Page 9: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/9.jpg)
Encryption
• Some key things to remember when supporting encryption are:– Most of the time the files will be flagged by a word or the
colour green– Before you make a copy of a file you must decrypt it first,
this is important if backing up a users data before a reimage– Users may put their own personal devices into the network,
thus encrypting their personal device. There is no reversing it so you would work with the user to get the data off and they could reformat it at home
– Email sent out with encryption is usually easier to get back after it is sent, this can be useful
![Page 10: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/10.jpg)
Lost or Stolen Devices
• You may run into an instance where a user has lost a device or has been stolen
• In these cases, there is usually a process around this which could include some of the following items:– Remotely wiping a device (if possible) using tools on
the helpdesk– Reporting the loss to information security– Ordering new devices
• Users will always call the helpdesk for everything so be prepared to assist on all levels
![Page 11: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/11.jpg)
Hand-held devices
As an extra bit of learning some tools….• You may also need to help people with the
password to their handheld devices, or just access to email on their devices
• The email team has the ability to send out scripts to devices to try and resolve some of these issues but if the user has already begun tinkering with them and set strange passwords on them these scripts often fail
• Another interesting thing IT does is the policies on the devices, we will look at some
![Page 12: Lesson 4 protection of information](https://reader035.fdocuments.us/reader035/viewer/2022062405/55619b99d8b42ace7d8b5973/html5/thumbnails/12.jpg)
Hand-held devices
• A pretty cool tool Blackberry offers is a Blackberry simulator
• For this example you can run the one that’s on Blackboard
• Let’s work through this together…..