Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incident Security & E-Mail Confidentiality Integrity Availability.

Published byClementine Wheeler Modified over 8 years ago

Similar presentations

Presentation on theme: "Incident Security & E-Mail Confidentiality Integrity Availability."— Presentation transcript:

1 Incident Security & E-Mail Confidentiality Integrity Availability

2 Objectives Logical Security Anti-Virus Software Usernames and Passwords Secure Screen Savers Physical Security Securing the work area Other Security Individual Computer User’s Statement Of Responsibility E-Mail Issues

3 Logical Security

4 Anti-Virus Software Every computer must run an anti- virus software package with virus definition files being no more than 7 days old Configured to download and update automatically unless otherwise configured by a CTSP Incident personnel may not unload or disable anti-virus software All portable media must be scanned before use

5 Anti-Virus Software User responsibilities Never open file attachments from unknown, suspicious, or untrustworthy source Delete spam and junk e-mail Never download files from untrustworthy sources Do not install software without first contacting the incident CTSP Should a virus be detected, disconnect computer from the network and immediately notify a CTSP

6 Usernames and Passwords Do not share passwords Password complexity enabled 8 characters with at least 1 uppercase, 1 lowercase, 1 number and 1 punctuation One logon per ID

7 Secure Screen Saver All computers must have a locking password protected screen saver enabled Timeout is 15 minutes Users will logout of shared machines when stepping away for long periods of time

8 System Settings Login Banner Government owned equipment will display a standard or Agency specific banner at login Leased computers will display a standard banner:

9 System Settings “You are about to access a computer that is owned or leased by the United States government that is intended for authorized use and users only. You should have no expectation of privacy in your use of this network. Use of this network constitutes consent to monitoring, retrieval, and disclosure of any information stored within the network for any purpose including criminal prosecution.”

10 Data Backups: Incident Data Incident CTSP’s are responsible for backing up data residing on all servers Ultimately, your data is your responsibility to secure Back it up - Lock it up. All media that contains backed up data must be secured.

11 Data Backups: I-Suite Under no circumstances shall I-Suite backups remain in the possession of any individual for “historical purposes” Database and data backups (not repository or documentation box copies) will be deleted and destroyed at the end of an incident

12 Data Security: Access Control Users can expect access to be limited to the data that is relevant to their position Additional security measures shall be provided for sensitive data Do not distribute data (files and photos) to individuals. Information generated on a fire belongs to the hosting agency. Have management approval for all users accessing the Incident network

13 Data Security: PII All Federal agencies require employees to take awareness training in dealing with Personally Identifiable Information (PII) This training emphasizes the importance of protecting PII data

14 Data Security: PII Incident Management Teams collect PII data from resources at Check-in. What is considered PII? Full name Telephone number Street address E-mail address Vehicle registration plate number Driver's license number Face, fingerprints, or handwriting Credit card numbers

15 Data Security: PII What is not considered PII? First or last name, if common Country, state, or city of residence Age, especially if non-specific Gender or race Name of the school attending Name of employer Grades, salary, or job position Criminal record Non-PII data does not imply non- private information

16 Data Security: Scrubbing Deleted files are not erased Scrubbing is the process of writing random characters over the entire hard drive All leased computers when being returned must be scrubbed Free space (as opposed to whole disk) scrubbers are acceptable

17 Physical Security

18 Securing the Work Area Equipment containing sensitive data will be secured at all times Pay special attention to high traffic areas Common areas in leased facilities should not be considered secure Provide specific security measures for equipment during non-business hours

19 Other Security Procedures

20 Individual Security Responsibilities Individual Computer User’s Statement of Responsibility Report the loss or theft of data and equipment immediately: Inform the C&G and Security Inform the administrative agency Inform the agency that owned or rented if the loss was equipment Provide for continuity of operations Document all actions

21 E-Mail Issues

22 Legally all e-mail for the Interior needs to be backed up indefinitely due to the Cobell Lawsuit (http://www.doi.gov/ost/cobell) Other Agencies also have backup requirements for e-mail Using Yahoo, HotMail, Gmail, or other free web based solutions does not meet this requirement

23 E-Mail Issues Use of the Dispatch Messaging System (DMS) meets the needs of the court DMS is an e-mail system that is used by all Dispatch offices All email sent through DMS is archived DMS is available to all Area Command Teams and Incident Management Teams

24 E-Mail Issues For example, the Northern Rockies Teams: Type 1 Team NRIMT101@dms.nwcg.gov Type 2 Team NRIMT201@dms.nwcg.gov

25 E-Mail Issues All Type 1 & 2 Teams already have these email accounts Some Area Command Teams have these accounts If you need an email account contact Steve Simon ssimon@fs.fed.us 406 896-2877

26 Questions?

Download ppt "Incident Security & E-Mail Confidentiality Integrity Availability."

Similar presentations

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
Welcome to the SPH Information Security Learning Module.

Welcome to the SPH Information Security Learning Module.
Maintaining Security While Using Computers What all of Our Computer Users Need to Know.

Maintaining Security While Using Computers What all of Our Computer Users Need to Know.
USDA Rules of Behavior User Training

USDA Rules of Behavior User Training
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV - 2011 NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.

ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
IT Security Essentials Ian Lazerwitz, Information Security Officer.

IT Security Essentials Ian Lazerwitz, Information Security Officer.

Similar presentations

Ads by Google