IRUA V2.0. Introduction Welcome Tad Stahl, CISO 234-3434 Jeff Hicks, Business Systems Consultant 232-4662.

Presentation transcript:

IRUA V2.0

Introduction
Welcome
Tad Stahl, CISO
Jeff Hicks, Business Systems Consultant

Riddle MickeyMinniePlutoHueyLoueyDeweyDonaldGoofy

Last Time Around
More than 23,000 employees electronically accepted the agreement
Password issues with PeopleSoft – 2 completions, 1 HD call
Your support was pivotal to the success

This Time Around
Ethics and sexual harassment training experience and improvements in ELM
Active Directory password integration with PeopleSoft
Agency controlled reporting

IRUA V2 Removals
Removal of de minimis from IRUA
V2: 1a. Use for State Business. I understand that Information Resources are to be used to solely conduct the business of state government with exceptions limited to those in accordance with State Ethics Rule 42 IAC and my agency’s policy.
V1: 1a. Use for State Business. I understand that Information Resources are to be used to conduct the business of state government. I understand that Information Resources may be used for de minimis, i.e., limited, personal use that cannot reasonably be handled away from work. I shall minimize personal use of Information Resources.

Sec. 12. A state officer, employee, or special state appointee shall not make use of state materials, funds, property, personnel, facilities, or equipment for any purpose other than for official state business unless the use is expressly permitted by a general written agency, departmental, or institutional policy or regulation. (Office of the Inspector General; 42 IAC ; filed Dec 7, 2005, 2:45 p.m.: 29 IR 1210)
Each agency has their own personal use policy
IOT’s:

IRUA V2 Removals
V1 - 2a. Commercial & Politics. I shall not use Information Resources to conduct business related to an outside, for profit, commercial activity. Unless permitted by law, I shall not use Information Resources to support any political party or candidate.
Covered by Ethics laws, policies and training

IRUA V2 Removals
V1 – 2c. Inappropriate Material. I shall not use Information Resources to access, upload, download, or distribute any jokes, comments, messages, or any other materials that are considered pornographic, obscene, sexually explicit, discriminatory, harassing, or defamatory, to employees or third parties, including but not limited to any content that might offend someone on the basis of age, gender, race, national origin, disability, or religion.
Covered by de minimis, sexual harassment, HR policies

IRUA V2 Additions
Strengthening/specifying the protection of PI
2a. Unauthorized Disclosure of Confidential Information. I shall not disclose confidential information to unauthorized parties. This includes Social Security, driver's license, identification card, financial account, credit card, or debit card numbers. It also includes security and access codes, passwords of an individual's financial account or personal health information. I acknowledge that certain information is confidential or discretionary by law and it is my duty to protect that information from unauthorized disclosure.

IRUA V2 Additions
V2 – 2f. Remote Control. I shall not use any remote control software or service on any internal or external host personal computers or systems not specifically approved by agency management, IOT support, and the CISO.
Goal is to keep personal information in state control

IRUA V2 Additions
V2 – 3. Storage of Information. I shall store state owned information only on state provided storage media. Storage of state information on non-state owned PCs, laptops, flash drives, CDs and other forms of media is prohibited.
To ensure state owned data remains within state control
USB sticks available via Dell QPA
USB drives will have hardware encryption, more expensive

IRUA V2 Additions
V2 – 4. Adherence to Security Guidance. I shall ensure that protective measures are implemented promptly as directed by IOT and that computing devices are connected to the network at least once per month to receive protective updates and patches.
Intended to make clear that in urgent situations, if user assistance or attention is required, users need to be responsive.
Users must connect to the network once per month to get updates

IRUA V2 Other Notes
Enforcement of: 1c. Protecting from Misuse & Damage. I shall use care in protecting against unauthorized access, misuse, theft, damage, or unauthorized modification of Information Resources. I shall not leave a workstation without first ensuring it is properly secured from unauthorized access. I shall use good judgment to safely transport and store Information Resources in and away from the workplace.
Many thefts reported where there is carelessness, neglect
Employee reimbursement practice under consideration

IRUA V2 Other Notes
V1 - 2f. Chain Letters & Spam. I shall not knowingly forward or respond to chain letters, pyramid selling schemes, marketing schemes, or unsolicited external commercial , commonly referred to as “spam.”
V2 – 5. Spam Awareness and Performance. I shall be aware of the characteristics and dangers of spam messages. I shall not navigate to web links embedded in spam messages. I shall not send or reply to messages that would negatively impact the performance of the system (e.g. – “replying to all” on a message received in error).
Content issues are removed – “inappropriate”, jokes, etc., increased focus on security dangers presented by Spam, performance impact.

Expectations for Roll Out
All current employees and contractors will complete the training and accept the agreement
New hires and contractors will take the training and accept the agreement
Remember that some parts of acceptable use have been removed from the IRUA. Ethics and other policies may need to be referenced and/or enforced in disciplinary situations
Long term - users will have their network access disabled if they have not completed the IRUA training and acceptance process

Planning the Rollout
General rollout begins after Open Enrollment
ISDH will be the pilot agency
Pace of the rollout will be at the rate of calls the Help Desk can handle
Please let us know if your agency would like to proceed early or of scheduling conflicts
Likely to have a prep meeting with agencies prior to their rollout to provide template messages to staff, share findings of pilot, set expectations

Training Module Overview
Simplified, less busy screens in the training module
Similar approach to last IRUA training module, proceeds section by section
Developed in Flash, uses PeopleSoft ELM

Reporting
Agency staff will be able to run their own reports
Enables agencies to see progress on the initial mass rollout
Identify those that have not agreed to the IRUA on an ongoing basis

Questions