Presentation is loading. Please wait.

Presentation is loading. Please wait.

IRUA V2.0. Introduction Welcome Tad Stahl, CISO 234-3434 Jeff Hicks, Business Systems Consultant 232-4662.

Published byAnnabel Castel Modified over 9 years ago

Similar presentations

Presentation on theme: "IRUA V2.0. Introduction Welcome Tad Stahl, CISO 234-3434 Jeff Hicks, Business Systems Consultant 232-4662."— Presentation transcript:

1 IRUA V2.0

2 Introduction Welcome Tad Stahl, CISO tstahl@iot.in.gov 234-3434 Jeff Hicks, Business Systems Consultant jhicks@iot.in.gov 232-4662

3 Riddle MickeyMinniePlutoHueyLoueyDeweyDonaldGoofy

4 Last Time Around More than 23,000 employees electronically accepted the agreement Password issues with PeopleSoft – 2 completions, 1 HD call Your support was pivotal to the success

5 This Time Around Ethics and sexual harassment training experience and improvements in ELM Active Directory password integration with PeopleSoft Agency controlled reporting

6 IRUA V2 Removals Removal of de minimis from IRUA V2: 1a. Use for State Business. I understand that Information Resources are to be used to solely conduct the business of state government with exceptions limited to those in accordance with State Ethics Rule 42 IAC 1-5-12 and my agency’s policy. V1: 1a. Use for State Business. I understand that Information Resources are to be used to conduct the business of state government. I understand that Information Resources may be used for de minimis, i.e., limited, personal use that cannot reasonably be handled away from work. I shall minimize personal use of Information Resources.

7 Sec. 12. A state officer, employee, or special state appointee shall not make use of state materials, funds, property, personnel, facilities, or equipment for any purpose other than for official state business unless the use is expressly permitted by a general written agency, departmental, or institutional policy or regulation. (Office of the Inspector General; 42 IAC 1-5-12; filed Dec 7, 2005, 2:45 p.m.: 29 IR 1210) Each agency has their own personal use policy IOT’s: http://www.in.gov/iot/files/IOT_De_Minimis_Use.pdf http://www.in.gov/iot/files/IOT_De_Minimis_Use.pdf

8 IRUA V2 Removals V1 - 2a. Commercial & Politics. I shall not use Information Resources to conduct business related to an outside, for profit, commercial activity. Unless permitted by law, I shall not use Information Resources to support any political party or candidate. Covered by Ethics laws, policies and training

9 IRUA V2 Removals V1 – 2c. Inappropriate Material. I shall not use Information Resources to access, upload, download, or distribute any jokes, comments, messages, or any other materials that are considered pornographic, obscene, sexually explicit, discriminatory, harassing, or defamatory, to employees or third parties, including but not limited to any content that might offend someone on the basis of age, gender, race, national origin, disability, or religion. Covered by de minimis, sexual harassment, HR policies

10 IRUA V2 Additions Strengthening/specifying the protection of PI  2a. Unauthorized Disclosure of Confidential Information. I shall not disclose confidential information to unauthorized parties. This includes Social Security, driver's license, identification card, financial account, credit card, or debit card numbers. It also includes security and access codes, passwords of an individual's financial account or personal health information. I acknowledge that certain information is confidential or discretionary by law and it is my duty to protect that information from unauthorized disclosure.

11 IRUA V2 Additions V2 – 2f. Remote Control. I shall not use any remote control software or service on any internal or external host personal computers or systems not specifically approved by agency management, IOT support, and the CISO. Goal is to keep personal information in state control

12 IRUA V2 Additions V2 – 3. Storage of Information. I shall store state owned information only on state provided storage media. Storage of state information on non-state owned PCs, laptops, flash drives, CDs and other forms of media is prohibited. To ensure state owned data remains within state control USB sticks available via Dell QPA USB drives will have hardware encryption, more expensive

13 IRUA V2 Additions V2 – 4. Adherence to Security Guidance. I shall ensure that protective measures are implemented promptly as directed by IOT and that computing devices are connected to the network at least once per month to receive protective updates and patches. Intended to make clear that in urgent situations, if user assistance or attention is required, users need to be responsive. Users must connect to the network once per month to get updates

14 IRUA V2 Other Notes Enforcement of: 1c. Protecting from Misuse & Damage. I shall use care in protecting against unauthorized access, misuse, theft, damage, or unauthorized modification of Information Resources. I shall not leave a workstation without first ensuring it is properly secured from unauthorized access. I shall use good judgment to safely transport and store Information Resources in and away from the workplace. Many thefts reported where there is carelessness, neglect Employee reimbursement practice under consideration

15 IRUA V2 Other Notes V1 - 2f. Chain Letters & Spam. I shall not knowingly forward or respond to chain letters, pyramid selling schemes, marketing schemes, or unsolicited external commercial email, commonly referred to as “spam.” V2 – 5. Spam Awareness and Email Performance. I shall be aware of the characteristics and dangers of spam messages. I shall not navigate to web links embedded in spam messages. I shall not send or reply to messages that would negatively impact the performance of the email system (e.g. – “replying to all” on a message received in error). Content issues are removed – “inappropriate”, jokes, etc., increased focus on security dangers presented by Spam, performance impact.

16 Expectations for Roll Out All current employees and contractors will complete the training and accept the agreement New hires and contractors will take the training and accept the agreement Remember that some parts of acceptable use have been removed from the IRUA. Ethics and other policies may need to be referenced and/or enforced in disciplinary situations Long term - users will have their network access disabled if they have not completed the IRUA training and acceptance process

17 Planning the Rollout General rollout begin after Open Enrollment ISDH will be the pilot agency Pace of the rollout will be at the rate of calls the Help Desk can handle Please let us know if your agency would like to proceed early or of scheduling conflicts Likely to have a prep meeting with agencies prior to their rollout to provide template messages to staff, share findings of pilot, set expectations

18 Training Module Overview Simplified, less busy screens in the training module Similar approach to last IRUA training module, proceeds section by section Developed in flash, uses PeopleSoft ELM

19 Reporting Agency staff will be able to run their own reports Enables agencies to see progress on the initial mass rollout Identify those that have not agreed to the IRUA on an ongoing basis

20 Questions

Download ppt "IRUA V2.0. Introduction Welcome Tad Stahl, CISO 234-3434 Jeff Hicks, Business Systems Consultant 232-4662."

Similar presentations

A Reliable and Secure Network TM105: ESTABLISHING SANE TECHNOLOGY POLICIES FOR YOUR PROGRAM.

A Reliable and Secure Network TM105: ESTABLISHING SANE TECHNOLOGY POLICIES FOR YOUR PROGRAM.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
Welcome to the SPH Information Security Learning Module.

Welcome to the SPH Information Security Learning Module.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
DO-IT TRAINING KIT Acceptable Use Policy

DO-IT TRAINING KIT Acceptable Use Policy
Maintaining Security While Using Computers What all of Our Computer Users Need to Know.

Maintaining Security While Using Computers What all of Our Computer Users Need to Know.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Sizewise Code of Ethics, Conflict of Interest and Disclosure HR-CECID.

Sizewise Code of Ethics, Conflict of Interest and Disclosure HR-CECID.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.

Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.
Uintah School District Acceptable Use for Computer and Network Access.

Uintah School District Acceptable Use for Computer and Network Access.
Boyertown Area School District Acceptable Use Policy.

Boyertown Area School District Acceptable Use Policy.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

Similar presentations

Ads by Google