Incident Security & E-Mail Confidentiality Integrity Availability.


1 Incident Security & E-Mail Confidentiality Integrity Availability

2 Objectives
- Logical Security
  - Anti-Virus Software
  - Usernames and Passwords
  - Secure Screen Savers
- Physical Security
  - Securing the work area
- Other Security
  - Individual Computer User’s Statement Of Responsibility
- E-Mail Issues

3 Logical Security

4 Anti-Virus Software
- Every computer must run an anti-virus software package with virus definition files being no more than 7 days old
- Configured to download and update automatically unless otherwise configured by a CTSP
- Incident personnel may not unload or disable anti-virus software
- All portable media must be scanned before use

5 Anti-Virus Software
User responsibilities
- Never open file attachments from unknown, suspicious, or untrustworthy source
- Delete spam and junk e-mail
- Never download files from untrustworthy sources
- Do not install software without first contacting the incident CTSP
- Should a virus be detected, disconnect computer from the network and immediately notify a CTSP

6 Usernames and Passwords
- Do not share passwords
- Password complexity enabled
- 8 characters with at least 1 uppercase, 1 lowercase, 1 number and 1 punctuation
- One logon per ID

7 Secure Screen Saver
- All computers must have a locking password protected screen saver enabled
- Timeout is 15 minutes
- Users will log out of shared machines when stepping away for long periods of time

8 System Settings
Login Banner
- Government owned equipment will display a standard or Agency specific banner at login
- Leased computers will display a standard banner:

9 System Settings “You are about to access a computer that is owned or leased by the United States government that is intended for authorized use and users only. You should have no expectation of privacy in your use of this network. Use of this network constitutes consent to monitoring, retrieval, and disclosure of any information stored within the network for any purpose including criminal prosecution.”

10 Data Backups: Incident Data
- Incident CTSPs are responsible for backing up data residing on all servers
- Ultimately, your data is your responsibility to secure
- Back it up - Lock it up.
- All media that contains backed up data must be secured.

11 Data Backups: I-Suite
- Under no circumstances shall I-Suite backups remain in the possession of any individual for “historical purposes”
- Database and data backups (not repository or documentation box copies) will be deleted and destroyed at the end of an incident

12 Data Security: Access Control
- Users can expect access to be limited to the data that is relevant to their position
- Additional security measures shall be provided for sensitive data
- Do not distribute data (files and photos) to individuals. Information generated on a fire belongs to the hosting agency.
- Have management approval for all users accessing the Incident network

13 Data Security: PII
- All Federal agencies require employees to take awareness training in dealing with Personally Identifiable Information (PII)
- This training emphasizes the importance of protecting PII data

14 Data Security: PII
Incident Management Teams collect PII data from resources at Check-in.
What is considered PII?
- Full name
- Telephone number
- Street address
- E-mail address
- Vehicle registration plate number
- Driver's license number
- Face, fingerprints, or handwriting
- Credit card numbers

15 Data Security: PII
What is not considered PII?
- First or last name, if common
- Country, state, or city of residence
- Age, especially if non-specific
- Gender or race
- Name of the school attending
- Name of employer
- Grades, salary, or job position
- Criminal record
Non-PII data does not imply non-private information

16 Data Security: Scrubbing
- Deleted files are not erased
- Scrubbing is the process of writing random characters over the entire hard drive
- All leased computers when being returned must be scrubbed
- Free space (as opposed to whole disk) scrubbers are acceptable

17 Physical Security

18 Securing the Work Area
- Equipment containing sensitive data will be secured at all times
- Pay special attention to high traffic areas
- Common areas in leased facilities should not be considered secure
- Provide specific security measures for equipment during non-business hours

19 Other Security Procedures

20 Individual Security Responsibilities
- Individual Computer User’s Statement of Responsibility
- Report the loss or theft of data and equipment immediately:
- Inform the C&G and Security
- Inform the administrative agency
- Inform the agency that owned or rented if the loss was equipment
- Provide for continuity of operations
- Document all actions

21 E-Mail Issues

22
- Legally all e-mail for the Interior needs to be backed up indefinitely due to the Cobell Lawsuit (http://www.doi.gov/ost/cobell)
- Other Agencies also have backup requirements for e-mail
- Using Yahoo, HotMail, Gmail, or other free web based solutions does not meet this requirement

23 E-Mail Issues
- Use of the Dispatch Messaging System (DMS) meets the needs of the court
- DMS is an e-mail system that is used by all Dispatch offices
- All email sent through DMS is archived
- DMS is available to all Area Command Teams and Incident Management Teams

24 E-Mail Issues
For example, the Northern Rockies Teams:
- Type 1 Team NRIMT101@dms.nwcg.gov
- Type 2 Team NRIMT201@dms.nwcg.gov

25 E-Mail Issues
- All Type 1 & 2 Teams already have these email accounts
- Some Area Command Teams have these accounts
- If you need an email account contact Steve Simon ssimon@fs.fed.us 406 896-2877

26 Questions?

