health and human services: module 3 slides
TRANSCRIPT
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 1/20
3-1
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 2/20
3-2
Learning ObjectivesLearning Objectives
• Discuss measures to address:
– Physical Security
– Technical Security
– Administrative Security
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 3/20
3-3
Th re e Maj or A reas ofhr ee Maj or A reas of
Securityecurity
PHYSICAL
TECHNICALTECHNICAL ADMINISTRATIVEADMINISTRATIVE
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 4/20
3-4
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 5/20
3-5
Physical Security -Physical Security -
PrecautionsPrecautions
• Security Drills
• EvacuationTechniques
• Bomb Threats
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 6/20
3-6
Physical Security – SensitivePhysical Security – Sensitive
DataData• Proper Handling of Proper Handling of
SensitiveSensitive
InformationInformation – Fax Machines
– Copy Machines
– Locked file cabinets
– Do NOT leavesensitive information
out in the open
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 7/20
3-7
Fax Requirements for IRS DataFax Requirements for IRS Data
• Staff member at both sending and receiving
of fax
• Maintain broadcast lists• Include a cover sheet that provides guidance
to the recipient
– Notification of the sensitivity/need for protection
– Notice to unintended recipient to phone sender
2-5
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 8/20
3-8
Physical Security- RestrictedPhysical Security- Restricted
Areas Areas• Security/RestrictedSecurity/Restricted
AreasAreas
– Authorizedpersonnel only
– Access logs
• These logs are
subject to audit by
IRS
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 9/20
3-9
Technical Security – WarningTechnical Security – Warning
BannersBanners
• Warning Banner
– Read andunderstand; you are
liable for civil and
criminal penalties
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 10/20
3-10
Technical Security-PasswordsTechnical Security-Passwords
• PasswordsPasswords
– Audit trails
– Log-off computer when away from
desk for an extended
period of time
– Password protectedscreensavers
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 11/20
3-11
Technical Security – SafeTechnical Security – Safe
ComputingComputing
• E-mail attachments
– Do not openattachments that
you are not
expecting
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 12/20
3-12
Technical Security – HomeTechnical Security – Home
ComputingComputing
• DSL Lines
• Firewalls
• Virus Protection
Software
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 13/20
3-13
Administrative Security - Administrative Security -
Sensitive DataSensitive Data
Logging of Sensitive InformationLogging of Sensitive Information
– Record all incoming and outgoing tapes and
hard copy
• All sensitive information must be accounted for
• All sensitive information must be tracked
• Manual log with transition to automated database
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 14/20
3-14
Administrative Security - Administrative Security -
Retention RequirementsRetention Requirements• Federal Tax
Information (FTI) – Governed by IRC 6103
• National Directory of
New Hires (NDNH)
– Governed by Section
453
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 15/20
3-15
Administrative Security- Administrative Security-
Transporting Sensitive DataTransporting Sensitive Data
• Authorized personnel only
• Label all tapes or hard copy containing
IRS data as “Federal Tax Data”
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 16/20
3-16
Administrative Security - Administrative Security -
DisposalDisposal – Burning
• All sensitive data
should be destroyed
using an incinerator to ensure all pages
are consumed
– Shredding
• Documents must be
shred perpendicular
to the cutting line and
be in 5/16 inch wide
strips or smaller
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 17/20
3-17
Administrative Security – Administrative Security –
Incident Handling/ReportingIncident Handling/Reporting• Policies for:
• Viruses, malicioussoftware, hoaxes,
vandalism,
automated attacks
and intrusions
• Defines roles andresponsibilities for:
• Managers,
Supervisors, Users
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 18/20
3-18
Administrative Security- Administrative Security-
Employee DeparturesEmployee DeparturesEmployee DepartureEmployee Departure
ChecklistChecklist
– Notifies Security Unitupon an employee’sdeparture
– Must be submitted to theSecurity Unit within
designated timeframe – Ensure system access,and building access areterminated promptly
8/14/2019 Health and Human Services: module 3 slides
http://slidepdf.com/reader/full/health-and-human-services-module-3-slides 19/20
3-19
Administrative Security- Administrative Security-
Workplace ViolenceWorkplace Violence
• WorkplaceWorkplaceViolenceViolence
– Policies andPolicies and
proceduresprocedures