health and human services: module 3 slides

8/14/2019 Health and Human Services: module 3 slides

http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 1/20

3-1



3-2

Learning ObjectivesLearning Objectives

• Discuss measures to address:

– Physical Security

– Technical Security

– Administrative Security



3-3

Th re e Maj or A reas ofhr ee Maj or A reas of

Securityecurity

PHYSICAL

TECHNICALTECHNICAL ADMINISTRATIVEADMINISTRATIVE



3-4



3-5

Physical Security -Physical Security -

PrecautionsPrecautions

• Security Drills

• EvacuationTechniques

• Bomb Threats



3-6

Physical Security – SensitivePhysical Security – Sensitive

DataData• Proper Handling of Proper Handling of

SensitiveSensitive

InformationInformation – Fax Machines

– Copy Machines

– Locked file cabinets

– Do NOT leavesensitive information

out in the open



3-7

Fax Requirements for IRS DataFax Requirements for IRS Data

• Staff member at both sending and receiving

of fax

• Maintain broadcast lists• Include a cover sheet that provides guidance

to the recipient

– Notification of the sensitivity/need for protection

– Notice to unintended recipient to phone sender

2-5



3-8

Physical Security- RestrictedPhysical Security- Restricted

Areas Areas• Security/RestrictedSecurity/Restricted

AreasAreas

– Authorizedpersonnel only

– Access logs

• These logs are

subject to audit by

IRS



3-9

Technical Security – WarningTechnical Security – Warning

BannersBanners

• Warning Banner

– Read andunderstand; you are

liable for civil and

criminal penalties



3-10

Technical Security-PasswordsTechnical Security-Passwords

• PasswordsPasswords

– Audit trails

– Log-off computer when away from

desk for an extended

period of time

– Password protectedscreensavers



3-11

Technical Security – SafeTechnical Security – Safe

ComputingComputing

• E-mail attachments

– Do not openattachments that

you are not

expecting



3-12

Technical Security – HomeTechnical Security – Home

ComputingComputing

• DSL Lines

• Firewalls

• Virus Protection

Software



3-13

Administrative Security - Administrative Security -

Sensitive DataSensitive Data

Logging of Sensitive InformationLogging of Sensitive Information

– Record all incoming and outgoing tapes and

hard copy

• All sensitive information must be accounted for

• All sensitive information must be tracked

• Manual log with transition to automated database



3-14


Retention RequirementsRetention Requirements• Federal Tax

Information (FTI) – Governed by IRC 6103

• National Directory of

New Hires (NDNH)

– Governed by Section

453



3-15

Administrative Security- Administrative Security-

Transporting Sensitive DataTransporting Sensitive Data

• Authorized personnel only

• Label all tapes or hard copy containing

IRS data as “Federal Tax Data”



3-16


DisposalDisposal – Burning

• All sensitive data

should be destroyed

using an incinerator to ensure all pages

are consumed

– Shredding

• Documents must be

shred perpendicular

to the cutting line and

be in 5/16 inch wide

strips or smaller



3-17

Administrative Security – Administrative Security –

Incident Handling/ReportingIncident Handling/Reporting• Policies for:

• Viruses, malicioussoftware, hoaxes,

vandalism,

automated attacks

and intrusions

• Defines roles andresponsibilities for:

• Managers,

Supervisors, Users



3-18


Employee DeparturesEmployee DeparturesEmployee DepartureEmployee Departure

ChecklistChecklist

– Notifies Security Unitupon an employee’sdeparture

– Must be submitted to theSecurity Unit within

designated timeframe – Ensure system access,and building access areterminated promptly



3-19


Workplace ViolenceWorkplace Violence

• WorkplaceWorkplaceViolenceViolence

– Policies andPolicies and

proceduresprocedures



3-20

Su mmar yu m mar y

PHYSICAL

TECHNICALTECHNICAL ADMINISTRATIVEADMINISTRATIVE