information security decision- making tool what kind of data do i have and how do i protect it...

Information Security decision making tool 1

Information Security Decision-Making Tool

What kind of data do I have and how do I protect it appropriately?

Continue

Choose the menu option which best describes how you are working with LSE Information. You may use this several times for

different aspects of your work

HR or other confidential records Financial records

Other types of work with LSE information

Research Exam information

Do you keep HR records on other people or yourself?

Including our own career development review or documents

No Yes

Continue

This information is confidential

Continue to find out more…

Do you keep sensitive information on individuals?

Excluding contact details for colleagues that is freely given

No Yes

Do you keep sensitive information on exams?

Including papers, results, discussions about questions or candidates

No Yes

Do you keep financial records?Excluding published company accounts that are in the

public domain

No Yes

Is the information held on paper?

No Yes

Continue

Keep it in a lockable cabinet

Do you protect electronic information with MS Office

passwords?

No Yes

Continue

Your information is not secure enough

with this alone.

Do you keep it on H space or a shared drive with appropriate

folder permissions?

No YesDon’t Know

Continue

GoodClick here for more information

Continue to finish this session or Home to go back to the beginning

Do you protect it with file encryption?

No Yes

Continue

Click here for more information

Where do you keep the electronic data and reports you work on?

No Yes On H space or a shared drive or SharePoint only?

Where do you keep the electronic data and reports you work on?

On Local drive, Laptop, tablet, smart phone or other device? YesNo

Continue

Using these drives should keep your information secure but check

folder and file permissions to make sure the ‘need to know’

principle is applied.

Information on shared drives is backed-up at least once a day.

Your information is at risk. If you can share it with your team put it on a shared drive to keep it secure and

check folder and file permissions to make sure the ‘need to know’ principle

is applied. Click here for more information

If your info cannot be shared email IMT for advice now

Continue

Do you use a database or spreadsheet to record

information?

No Yes

Do you ever work away from your desk?

No Yes

Where do you keep the files you access remotely?

No YesOn H space or shared drive or SharePoint only?

Continue

Using these drives should keep your information secure but

check folder and file permissions to make sure the ‘need to know’

principle is applied.

Information on shared drives is backed-up at least once a day.

Dropbox, Google Docs, One Drive or other cloud based storage?

Memory stick, CD, DVD, Floppy disk or other storage media?

Continue

Your information could be at risk.

If you can share it with your team put it on a shared drive to keep it

secure. If your info cannot be shared,

email IMT for advice now.

Continue

Your information could be at risk. Click here for more information

If you can share it with your team put it on a shared drive to keep it

secure. If your info cannot be shared,

email IMT for advice now.

Is your data sensitive or confidential?

No Yes

Have you signed a funding contract?

No Yes

Is the LSE the project lead?

No Yes

Continue

Follow the project lead’s guidelines on securing information.

Click Finish

If you need advice to comply with guidelines, email IMT or the Data Librarian. Click Finish

If no guidelines are available Continue to find out more…

Finish

Does your research contract specify information security requirements?

No Yes

Can you meet the security requirements?

No YesDon’t Know

Continue

Comply with the contract.

Continue

Email IMT or the Data Librarian

for advice.

Continue to finish this session or Home to go back to the

beginning

Do/will you keep sensitive personal data?

Examples: racial/ethnic origin, political opinion, religious beliefs, trade union membership, physical/mental health

condition, sexual life, criminal records

No Yes

Do/will you keep personal financial data/reports on financially sensitive

subjectsExamples: bank and salary details

No Yes

Do you keep sensitive information on individuals?

Examples: interview transcripts, databases of individual information

No Yes

Do you need to share data with academic partners?

No Yes

Do you use SharePoint?

No Yes

Have you or the site owner received SharePoint training?

No Yes

Continue

Check that the permissions on your site are accurate and that

all data is appropriate

For more information click here

Continue

Contact IMT now for appropriate training

options

Continue

Email IMT for advice now.

Are you in the end-of-project phase?

No Yes

Continue

Email theData Librarian

for advice.

Is the information held on paper?

No Yes

Continue

Keep it in a lockable cabinet.

Thank you for completing the Information Security decision-making tool.

Email IMT if you have any further queries or concerns or if there is anything else you think we should include in this tool.

Finish

Continue

Access control systems are in place to protect the interests of all authorised users of LSE IT systems by providing a safe, secure and accessible environment in which to work.

Access rights will be accorded following the principles of least privilege and need to know.

Access to LSE IT resources and services will be given through the provision of a unique user account and complex password.

For further reading, click this link.

http://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/school/accConPol.pdf

Continue

Encryption is a way of encoding information so that it cannot be read without the appropriate key to decode it. It is a way of rendering files, volumes or hard disks extremely secure.

Encryption should be used to secure data that are in transit or else are accessed and held outside LSE systems, for instance on a home workstation, or on devices that are easy to steal or lose (suchas laptops, tablets etc).

http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/documents/Guidelines-Encryption-Guidelines-v1-1.pdf

Continue

Cloud storage is effectively disk space made available by third parties over the internet but are not supported at the LSE. There are many providers of this type of storage but we are going to focus here on Dropbox as an example.

We would advise against putting anything into Dropbox that would contain very sensitive information, such as School financial data or datasets that contained the name, address, ethnicity and passport numbers of individuals. This includes information the School classifies as ‘Secret’. Data classed as ‘Secret’ or ‘Confidential’ should be carefully assessed by the owner for the risk of reputational and financial damage if it leaked before putting it in Dropbox.

For further reading please click this link.

http://www.lse.ac.uk/intranet/LSEServices/IMT/guides/softwareGuides/other/usingDropboxCloudStorageServices.aspx

Continue

USB or similar storage devices are easily lost or stolen, putting any data they contain at great risk of being accidentally or deliberately exposed. The loss of confidential or sensitive personal data on a USB storage device could result in LSE:

• being fined by the Information Commissioner's Office• suffering reputational damage• causing distress to those whose data has been lost• losing valuable research contracts

For further reading please click the link below

http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/usingUsbStorageDevices.aspx

Continue

Email IMT for advice now

Continue to finish or press Home to go back to the beginning.

information security decision- making tool what kind of data do i have and how do i protect it...

Documents

effective decision making - microsoft · emotional...

an experiment in security decision making

decision and decision making

making participation in decision making more than just …...

national security decision-making in israel: processes...

decision making - santa clara...

the media and national security...

discovering decision-making patterns for security novices

strategic decision making - uliege.be decision... ·...

shared decision-making implementation...

an example collaborative exercise for decision making in...

dynamic decision-making adaptive management: structured...

ethical decision ethical decision--making making … ·...

analytical tools to support water security...

element 8 judgement and decision making defining judgement...

managerial decision- making. distribution of...

decision making, cbmc, consumer behaviour in decision making

good decision making, decision making, making good decisions

1 critical decision-making techniques. 2 decision making

national security decision-making in india - eth z · he...