1 / 20

IRUA V2.0

IRUA V2.0. Introduction. Welcome Tad Stahl, CISO tstahl@iot.in.gov 234-3434 Jeff Hicks, Business Systems Consultant jhicks@iot.in.gov 232-4662. Riddle. MickeyMinniePlutoHueyLoueyDeweyDonaldGoofy. Last Time Around. More than 23,000 employees electronically accepted the agreement

suki
Télécharger la présentation

IRUA V2.0

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IRUA V2.0

  2. Introduction • Welcome • Tad Stahl, CISO tstahl@iot.in.gov 234-3434 • Jeff Hicks, Business Systems Consultant jhicks@iot.in.gov 232-4662

  3. Riddle • MickeyMinniePlutoHueyLoueyDeweyDonaldGoofy

  4. Last Time Around • More than 23,000 employees electronically accepted the agreement • Password issues with PeopleSoft – 2 completions, 1 HD call • Your support was pivotal to the success

  5. This Time Around • Ethics and sexual harassment training experience and improvements in ELM • Active Directory password integration with PeopleSoft • Agency controlled reporting

  6. IRUA V2 Removals • Removal of de minimis from IRUA • V2: 1a. Use for State Business. I understand that Information Resources are to be used to solely conduct the business of state government with exceptions limited to those in accordance with State Ethics Rule 42 IAC 1-5-12 and my agency’s policy. • V1: 1a. Use for State Business. I understand that Information Resources are to be used to conduct the business of state government. I understand that Information Resources may be used for de minimis, i.e., limited, personal use that cannot reasonably be handled away from work. I shall minimize personal use of Information Resources.

  7. Sec. 12. A state officer, employee, or special state appointee shall not make use of state materials, funds, property, personnel, facilities, or equipment for any purpose other than for official state business unless the use is expressly permitted by a general written agency, departmental, or institutional policy or regulation. (Office of the Inspector General; 42 IAC 1-5-12; filed Dec 7, 2005, 2:45 p.m.: 29 IR 1210) • Each agency has their own personal use policy • IOT’s: http://www.in.gov/iot/files/IOT_De_Minimis_Use.pdf

  8. IRUA V2 Removals • V1 - 2a. Commercial & Politics. I shall not use Information Resources to conduct business related to an outside, for profit, commercial activity. Unless permitted by law, I shall not use Information Resources to support any political party or candidate. • Covered by Ethics laws, policies and training

  9. IRUA V2 Removals • V1 – 2c. Inappropriate Material. I shall not use Information Resources to access, upload, download, or distribute any jokes, comments, messages, or any other materials that are considered pornographic, obscene, sexually explicit, discriminatory, harassing, or defamatory, to employees or third parties, including but not limited to any content that might offend someone on the basis of age, gender, race, national origin, disability, or religion. • Covered by de minimis, sexual harassment, HR policies

  10. IRUA V2 Additions • Strengthening/specifying the protection of PI • 2a. Unauthorized Disclosure of Confidential Information. I shall not disclose confidential information to unauthorized parties. This includes Social Security, driver's license, identification card, financial account, credit card, or debit card numbers. It also includes security and access codes, passwords of an individual's financial account or personal health information. I acknowledge that certain information is confidential or discretionary by law and it is my duty to protect that information from unauthorized disclosure.

  11. IRUA V2 Additions • V2 – 2f.Remote Control. I shall not use any remote control software or service on any internal or external host personal computers or systems not specifically approved by agency management, IOT support, and the CISO. • Goal is to keep personal information in state control

  12. IRUA V2 Additions • V2 – 3.Storage of Information. I shall store state owned information only on state provided storage media. Storage of state information on non-state owned PCs, laptops, flash drives, CDs and other forms of media is prohibited. • To ensure state owned data remains within state control • USB sticks available via Dell QPA • USB drives will have hardware encryption, more expensive

  13. IRUA V2 Additions • V2 – 4. Adherence to Security Guidance. I shall ensure that protective measures are implemented promptly as directed by IOT and that computing devices are connected to the network at least once per month to receive protective updates and patches. • Intended to make clear that in urgent situations, if user assistance or attention is required, users need to be responsive. • Users must connect to the network once per month to get updates

  14. IRUA V2 Other Notes • Enforcement of: 1c. Protecting from Misuse & Damage. I shall use care in protecting against unauthorized access, misuse, theft, damage, or unauthorized modification of Information Resources. I shall not leave a workstation without first ensuring it is properly secured from unauthorized access. I shall use good judgment to safely transport and store Information Resources in and away from the workplace. • Many thefts reported where there is carelessness, neglect • Employee reimbursement practice under consideration

  15. IRUA V2 Other Notes • V1 - 2f. Chain Letters & Spam. I shall not knowingly forward or respond to chain letters, pyramid selling schemes, marketing schemes, or unsolicited external commercial email, commonly referred to as “spam.” • V2 – 5. Spam Awareness and Email Performance. I shall be aware of the characteristics and dangers of spam messages. I shall not navigate to web links embedded in spam messages. I shall not send or reply to messages that would negatively impact the performance of the email system (e.g. – “replying to all” on a message received in error). • Content issues are removed – “inappropriate”, jokes, etc., increased focus on security dangers presented by Spam, performance impact.

  16. Expectations for Roll Out • All current employees and contractors will complete the training and accept the agreement • New hires and contractors will take the training and accept the agreement • Remember that some parts of acceptable use have been removed from the IRUA. Ethics and other policies may need to be referenced and/or enforced in disciplinary situations • Long term - users will have their network access disabled if they have not completed the IRUA training and acceptance process

  17. Planning the Rollout • General rollout begin after Open Enrollment • ISDH will be the pilot agency • Pace of the rollout will be at the rate of calls the Help Desk can handle • Please let us know if your agency would like to proceed early or of scheduling conflicts • Likely to have a prep meeting with agencies prior to their rollout to provide template messages to staff, share findings of pilot, set expectations

  18. Training Module Overview • Simplified, less busy screens in the training module • Similar approach to last IRUA training module, proceeds section by section • Developed in flash, uses PeopleSoft ELM

  19. Reporting • Agency staff will be able to run their own reports • Enables agencies to see progress on the initial mass rollout • Identify those that have not agreed to the IRUA on an ongoing basis

  20. Questions • Questions

More Related