Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making.

Similar presentations


Presentation on theme: "Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making."— Presentation transcript:

1 Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making tool1

2 Choose the menu option which best describes how you are working with LSE Information. You may use this several times for different aspects of your work Information Security decision making tool2 HR or other confidential records HR or other confidential records Financial records Other types of work with LSE information Other types of work with LSE information Research Exam information

3 Do you keep HR records on other people or yourself? Including our own career development review or documents No Yes Information Security decision making tool3

4 Continue Information Security decision making tool4 This information is confidential Continue to find out more… This information is confidential Continue to find out more…

5 Do you keep sensitive information on individuals? Excluding contact details for colleagues that is freely given No Yes Information Security decision making tool5

6 Do you keep sensitive information on exams? Including papers, results, discussions about questions or candidates No Yes Information Security decision making tool6

7 Do you keep financial records? Excluding published company accounts that are in the public domain No Yes Information Security decision making tool7

8 Is the information held on paper? No Yes Information Security decision making tool8

9 Continue Information Security decision making tool9 Keep it in a lockable cabinet Continue to find out more… Keep it in a lockable cabinet Continue to find out more…

10 Do you protect electronic information with MS Office passwords? No Yes Information Security decision making tool10

11 Continue Information Security decision making tool11 Your information is not secure enough with this alone. Continue to find out more… Your information is not secure enough with this alone. Continue to find out more…

12 Do you keep it on H space or a shared drive with appropriate folder permissions? No Yes Information Security decision making tool12 Don’t Know Don’t Know

13 Information Security decision making tool13 Continue Good Click here for more information Continue to finish this session or Home to go back to the beginning Good Click here for more information Continue to finish this session or Home to go back to the beginning

14 Do you protect it with file encryption? No Yes Information Security decision making tool14

15 Continue Information Security decision making tool15 Good Click here for more information Continue to finish this session or Home to go back to the beginning Good Click here for more information Continue to finish this session or Home to go back to the beginning

16 Where do you keep the electronic data and reports you work on? No Yes Information Security decision making tool16 On H space or a shared drive or SharePoint only?

17 Where do you keep the electronic data and reports you work on? Information Security decision making tool17 On Local drive, Laptop, tablet, smart phone or other device? Yes No

18 Continue Information Security decision making tool18 Using these drives should keep your information secure but check folder and file permissions to make sure the ‘need to know’ principle is applied. Click here for more information Information on shared drives is backed-up at least once a day. Continue to find out more… Using these drives should keep your information secure but check folder and file permissions to make sure the ‘need to know’ principle is applied. Click here for more information Information on shared drives is backed-up at least once a day. Continue to find out more…

19 Information Security decision making tool19 Your information is at risk. If you can share it with your team put it on a shared drive to keep it secure and check folder and file permissions to make sure the ‘need to know’ principle is applied. Click here for more information If your info cannot be shared email IMT for advice nowemail IMT Continue to finish this session or Home to go back to the beginning Your information is at risk. If you can share it with your team put it on a shared drive to keep it secure and check folder and file permissions to make sure the ‘need to know’ principle is applied. Click here for more information If your info cannot be shared email IMT for advice nowemail IMT Continue to finish this session or Home to go back to the beginning Continue

20 Do you use a database or spreadsheet to record information? No Yes Information Security decision making tool20

21 Do you ever work away from your desk? No Yes Information Security decision making tool21

22 Where do you keep the files you access remotely? No Yes Information Security decision making tool22 On H space or shared drive or SharePoint only?

23 Continue Information Security decision making tool23 Using these drives should keep your information secure but check folder and file permissions to make sure the ‘need to know’ principle is applied. Click here for more information Information on shared drives is backed-up at least once a day. Continue to find out more… Using these drives should keep your information secure but check folder and file permissions to make sure the ‘need to know’ principle is applied. Click here for more information Information on shared drives is backed-up at least once a day. Continue to find out more…

24 Where do you keep the files you access remotely? Information Security decision making tool24 Dropbox, Google Docs, One Drive or other cloud based storage? Yes No

25 Where do you keep the files you access remotely? Information Security decision making tool25 Memory stick, CD, DVD, Floppy disk or other storage media? Yes No

26 Continue Information Security decision making tool26 Your information could be at risk. Click here for more information If you can share it with your team put it on a shared drive to keep it secure. If your info cannot be shared, email IMTemail IMT for advice now. Continue to find out more… Your information could be at risk. Click here for more information If you can share it with your team put it on a shared drive to keep it secure. If your info cannot be shared, email IMTemail IMT for advice now. Continue to find out more…

27 Continue Information Security decision making tool27 Your information could be at risk. Click here for more information If you can share it with your team put it on a shared drive to keep it secure. If your info cannot be shared, email IMTemail IMT for advice now. Continue to finish this session or Home to go back to the beginning Your information could be at risk. Click here for more information If you can share it with your team put it on a shared drive to keep it secure. If your info cannot be shared, email IMTemail IMT for advice now. Continue to finish this session or Home to go back to the beginning

28 Is your data sensitive or confidential? No Yes Information Security decision making tool28

29 Have you signed a funding contract? No Yes Information Security decision making tool29

30 Is the LSE the project lead? No Yes Information Security decision making tool30

31 Continue Information Security decision making tool31 Follow the project lead’s guidelines on securing information. Click Finish If you need advice to comply with guidelines, email IMT or the Data Librarian. Click Finishemail IMTData Librarian If no guidelines are available Continue to find out more… Follow the project lead’s guidelines on securing information. Click Finish If you need advice to comply with guidelines, email IMT or the Data Librarian. Click Finishemail IMTData Librarian If no guidelines are available Continue to find out more… Finish

32 Does your research contract specify information security requirements? No Yes Information Security decision making tool32

33 Can you meet the security requirements? No Yes Information Security decision making tool33 Don’t Know Don’t Know

34 Continue Information Security decision making tool34 Comply with the contract. Continue to find out more… Comply with the contract. Continue to find out more…

35 Information Security decision making tool35 Continue Email IMT Email IMT or the Data Librarian for advice. Data Librarian Continue to finish this session or Home to go back to the beginning Email IMT Email IMT or the Data Librarian for advice. Data Librarian Continue to finish this session or Home to go back to the beginning

36 Do/will you keep sensitive personal data? Examples: racial/ethnic origin, political opinion, religious beliefs, trade union membership, physical/mental health condition, sexual life, criminal records No Yes Information Security decision making tool36

37 Do/will you keep personal financial data/reports on financially sensitive subjects Examples: bank and salary details No Yes Information Security decision making tool37

38 Do you keep sensitive information on individuals? Examples: interview transcripts, databases of individual information No Yes Information Security decision making tool38

39 Do you need to share data with academic partners? No Yes Information Security decision making tool39

40 Do you use SharePoint? No Yes Information Security decision making tool40

41 Have you or the site owner received SharePoint training? No Yes Information Security decision making tool41

42 Information Security decision making tool42 Continue Check that the permissions on your site are accurate and that all data is appropriate For more information click here Continue to find out more… Check that the permissions on your site are accurate and that all data is appropriate For more information click here Continue to find out more…

43 Information Security decision making tool43 Continue Contact IMT now for appropriate training options Continue to find out more… Contact IMT now for appropriate training options Continue to find out more…

44 Information Security decision making tool44 Continue Email IMT Email IMT for advice now. Continue to find out more… Email IMT Email IMT for advice now. Continue to find out more…

45 Are you in the end-of-project phase? No Yes Information Security decision making tool45

46 Information Security decision making tool46 Continue Email the Data Librarian for advice. Continue to find out more… Email the Data Librarian for advice. Continue to find out more…

47 Is the information held on paper? No Yes Information Security decision making tool47

48 Information Security decision making tool48 Continue Keep it in a lockable cabinet. Continue to find out more… Keep it in a lockable cabinet. Continue to find out more…

49 Information Security decision making tool49 Thank you for completing the Information Security decision- making tool. Email IMT Email IMT if you have any further queries or concerns or if there is anything else you think we should include in this tool. Thank you for completing the Information Security decision- making tool. Email IMT Email IMT if you have any further queries or concerns or if there is anything else you think we should include in this tool. Finish

50 Information Security decision making tool50 Continue Access control systems are in place to protect the interests of all authorised users of LSE IT systems by providing a safe, secure and accessible environment in which to work. Access rights will be accorded following the principles of least privilege and need to know. Access to LSE IT resources and services will be given through the provision of a unique user account and complex password. For further reading, click this link. http://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/school/acc ConPol.pdf Access control systems are in place to protect the interests of all authorised users of LSE IT systems by providing a safe, secure and accessible environment in which to work. Access rights will be accorded following the principles of least privilege and need to know. Access to LSE IT resources and services will be given through the provision of a unique user account and complex password. For further reading, click this link. http://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/school/acc ConPol.pdf

51 Information Security decision making tool51 Continue Encryption is a way of encoding information so that it cannot be read without the appropriate key to decode it. It is a way of rendering files, volumes or hard disks extremely secure. Encryption should be used to secure data that are in transit or else are accessed and held outside LSE systems, for instance on a home workstation, or on devices that are easy to steal or lose (such as laptops, tablets etc). http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/doc uments/Guidelines-Encryption-Guidelines-v1-1.pdf Encryption is a way of encoding information so that it cannot be read without the appropriate key to decode it. It is a way of rendering files, volumes or hard disks extremely secure. Encryption should be used to secure data that are in transit or else are accessed and held outside LSE systems, for instance on a home workstation, or on devices that are easy to steal or lose (such as laptops, tablets etc). http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/doc uments/Guidelines-Encryption-Guidelines-v1-1.pdf

52 Information Security decision making tool52 Continue Cloud storage is effectively disk space made available by third parties over the internet but are not supported at the LSE. There are many providers of this type of storage but we are going to focus here on Dropbox as an example. We would advise against putting anything into Dropbox that would contain very sensitive information, such as School financial data or datasets that contained the name, address, ethnicity and passport numbers of individuals. This includes information the School classifies as ‘Secret’. Data classed as ‘Secret’ or ‘Confidential’ should be carefully assessed by the owner for the risk of reputational and financial damage if it leaked before putting it in Dropbox. For further reading please click this link. http://www.lse.ac.uk/intranet/LSEServices/IMT/guides/softwareGuides/other/usin gDropboxCloudStorageServices.aspx Cloud storage is effectively disk space made available by third parties over the internet but are not supported at the LSE. There are many providers of this type of storage but we are going to focus here on Dropbox as an example. We would advise against putting anything into Dropbox that would contain very sensitive information, such as School financial data or datasets that contained the name, address, ethnicity and passport numbers of individuals. This includes information the School classifies as ‘Secret’. Data classed as ‘Secret’ or ‘Confidential’ should be carefully assessed by the owner for the risk of reputational and financial damage if it leaked before putting it in Dropbox. For further reading please click this link. http://www.lse.ac.uk/intranet/LSEServices/IMT/guides/softwareGuides/other/usin gDropboxCloudStorageServices.aspx

53 Information Security decision making tool53 Continue USB or similar storage devices are easily lost or stolen, putting any data they contain at great risk of being accidentally or deliberately exposed. The loss of confidential or sensitive personal data on a USB storage device could result in LSE: being fined by the Information Commissioner's Office suffering reputational damage causing distress to those whose data has been lost losing valuable research contracts For further reading please click the link below http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/usingUsbStorageDe vices.aspx USB or similar storage devices are easily lost or stolen, putting any data they contain at great risk of being accidentally or deliberately exposed. The loss of confidential or sensitive personal data on a USB storage device could result in LSE: being fined by the Information Commissioner's Office suffering reputational damage causing distress to those whose data has been lost losing valuable research contracts For further reading please click the link below http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/usingUsbStorageDe vices.aspx

54 Information Security decision making tool54 Continue Email IMT Email IMT for advice now Continue to finish or press Home to go back to the beginning. Email IMT Email IMT for advice now Continue to finish or press Home to go back to the beginning.


Download ppt "Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making."

Similar presentations


Ads by Google