Information Technology Acceptable Use An Overview CSTMC All Staff Meeting February 10, 2014
Our goals for today Review policies related to IT acceptable use Explain how monitoring and follow-up work Look at your role as an employee Look at some practical tips (do’s and don’ts) Q and A
Policies Guideline 400-A Information Technology Objectives Guideline 400-B Information Technology Standards Guideline 400-C Corporate Internet Use Guideline 400-D Use and Management of Electronic Mail Guideline 400-E Information Technology Security Guideline 401-C Security of Information Policy 550 Code Of Ethics Policy 700 Risk Management Policy Policy 900 Policy on Information Management The Corporation reserves the right to monitor use of IT, as per our Corporate policies All our policies are on ECHO Several are new IT policies are being updated They need to address the issues you are facing as managers They are important tools to help you as a manager
Acceptable use IT tools are intended for you to do your work “All informatics assets are to be used for corporate business activities…” (400-E, 3.0) Limited personal use is allowed… “…employees are allowed limited personal use provided such use is conducted on personal time… all personal use of informatics assets should be cleared by the employee’s supervisor” (400-E, 3.0) “Personal browsing of the Internet is allowed provided it is conducted during personal time, no additional costs are incurred by the Corporation, and the usage remains compliant with this guideline.” (400-C, 5.0)
Changing expectations…
Social media The Corporation needs to be present in these spaces It is important to experiment We also need to be mindful of productivity and operational requirements Manager awareness and discretion is important
Streaming audio and video
Everything in the cloud
Bandwidth Buzzword worth taking a moment to define It’s one of these terms you may hear used a lot – e.g. “high bandwidth” Amount of data moved in a period of time Bits per second Can refer to capacity Can also refer to consumption Streaming audio and video are a major consumer of bandwidth
Why limitations on how we use IT? Resources are limited Bandwidth Storage Wi-Fi Etc... Safeguarding corporate assets IT security Managing information Productivity and operational requirements To help keep systems working properly So everyone can be productive And to safeguard Corporate information assets
Monitoring “Infrastructure components will be monitored to ensure their smooth operation and to detect any problems” (Guideline 400-A, 4.1)
Monitoring Why? To ensure normal operation of systems To follow up on anomalies or “incidents” To assist managers in their responsibilities As part of a formal investigation
Monitoring Examples of what is monitored Internet use Logs, reports, alerts Devices on our networks (including Wi-Fi) Computers and other devices Running programs, files, screen views, etc. as warranted Software What is installed on all computers Anti-virus On computers, servers, mail system, anti-spam system, firewall Detections, alerts
Monitoring and follow-up “Incidents” “An incident is an unplanned interruption to an IT service or reduction in the quality of an IT service.” (ITIL version 3)
Monitoring and follow-up Examples of “Incidents” Issues reported to the Computer Helpline Questions and queries System failures Web site blocked by the firewall High bandwidth use Virus infection Policy breach Patterns in system reports Events automatically detected by monitoring tools Note: an incident is not the same thing as wrongdoing
Monitoring and follow-up Who? Computer Helpline is our main point of contact for any issues All Informatics Services staff play a role Each system has a “prime” and one or more backups IT Security Coordinator
Monitoring and follow-up Process IT Staff first follow-up with employee IT include manager if it is a repeat or serious issue IT advise HR if issue persists or if there is a serious issue related to breach of Corporate policy Labour relations issue? > Handled by HR
Trust Expect employees to be professional and ethical Encourage employees to experiment and innovate Internet access is more open than at most Federal institutions
Tools are intended to help us do our work…
Your Role Respect policies on ethics, IT, and IM Help us use resources efficiently Keep your manager informed Report IT and IT security issues to the “Computer Helpline” Report IM issues to the “IM Office” Disclose wrongdoing
Do’s and Don’ts Streaming audio and video Stream audio and video only for work purposes YouTube, Vimeo, Internet radio, etc. This also includes use of public Wi-Fi We do not have the bandwidth capacity to allow personal streaming of audio and video
Do’s and Don’ts Web sites blocked by the firewall Let us know if you need a blocked site for work Default filters are not perfect You can send requests to the Computer Helpline
Do’s and Don’ts Personal files Personal audio and video files Don’t store your music and movie collection on Corporate resources, including your PC Personal photos Don’t put these on the O-Drive, Y-Drive or work computers and devices
Do’s and Don’ts Personal devices Personal thumb drives and hard drives Do not connect these to work computers Personal computers and devices Don’t bring your home computer to work If you use a personal smart phone or tablet, remember our Information Management Policy Managers have responsibility for their operations and must exercise their discretion
Do’s and Don’ts Software Advise the Computer Helpline of all non-standard software Maintainability Ask Computer Helpline to help you with software installations Avoid exposure to malicious code (viruses, Trojan horses, etc) Never install unlicensed software Legal exposure
Do’s and Don’ts Consumer cloud services Respect our Information Management Policy Corporate documents and records must be stored in OpenText Enterprise Never place sensitive or Protected documents in the cloud Advise your manager on how you are working with information You and your manager must work together to safeguard Corporate information assets Do not synchronize personal files Music, movie collections, photos Do not synchronize large amounts of data Video, large numbers of files
Q & A