information security decision- making tool what kind of data do i have and how do i protect it...

Information Security decision making tool 1

Information Security Decision-Making Tool

What kind of data do I have and how do I protect it appropriately?

Continue


Choose the menu option which best describes how you are working with LSE Information. You may use this several times for

different aspects of your work

HR or other confidential records Financial records

Other types of work with LSE information

Research Exam information


Do you keep HR records on other people or yourself?

Including our own career development review or documents

No Yes


Continue

This information is confidential

Continue to find out more…


Do you keep sensitive information on individuals?

Excluding contact details for colleagues that is freely given

No Yes


Do you keep sensitive information on exams?

Including papers, results, discussions about questions or candidates

No Yes


Do you keep financial records?Excluding published company accounts that are in the

public domain

No Yes


Is the information held on paper?

No Yes


Continue

Keep it in a lockable cabinet



Do you protect electronic information with MS Office

passwords?

No Yes


Continue

Your information is not secure enough

with this alone.



Do you keep it on H space or a shared drive with appropriate

folder permissions?

No YesDon’t Know


Continue

GoodClick here for more information

Continue to finish this session or Home to go back to the beginning


Do you protect it with file encryption?

No Yes


Continue

Good

Click here for more information



Where do you keep the electronic data and reports you work on?

No Yes On H space or a shared drive or SharePoint only?


Where do you keep the electronic data and reports you work on?

On Local drive, Laptop, tablet, smart phone or other device? YesNo


Continue

Using these drives should keep your information secure but check

folder and file permissions to make sure the ‘need to know’

principle is applied.


Information on shared drives is backed-up at least once a day.



Your information is at risk. If you can share it with your team put it on a shared drive to keep it secure and

check folder and file permissions to make sure the ‘need to know’ principle

is applied. Click here for more information

If your info cannot be shared email IMT for advice now


Continue

mailto:It.Servicedesk%20%[email protected]%3E




Do you use a database or spreadsheet to record

information?

No Yes


Do you ever work away from your desk?

No Yes


Where do you keep the files you access remotely?

No YesOn H space or shared drive or SharePoint only?


Continue

Using these drives should keep your information secure but

check folder and file permissions to make sure the ‘need to know’

principle is applied.


Information on shared drives is backed-up at least once a day.




Dropbox, Google Docs, One Drive or other cloud based storage?

YesNo



Memory stick, CD, DVD, Floppy disk or other storage media?

YesNo


Continue

Your information could be at risk.


If you can share it with your team put it on a shared drive to keep it

secure. If your info cannot be shared,

email IMT for advice now.






Continue

Your information could be at risk. Click here for more information

If you can share it with your team put it on a shared drive to keep it

secure. If your info cannot be shared,

email IMT for advice now.






Is your data sensitive or confidential?

No Yes


Have you signed a funding contract?

No Yes


Is the LSE the project lead?

No Yes


Continue

Follow the project lead’s guidelines on securing information.

Click Finish

If you need advice to comply with guidelines, email IMT or the Data Librarian. Click Finish

If no guidelines are available Continue to find out more…

Finish



mailto:Datalibrary%20%[email protected]%3E


Does your research contract specify information security requirements?

No Yes


Can you meet the security requirements?

No YesDon’t Know


Continue

Comply with the contract.



Continue

Email IMT or the Data Librarian

for advice.

Continue to finish this session or Home to go back to the

beginning






Do/will you keep sensitive personal data?

Examples: racial/ethnic origin, political opinion, religious beliefs, trade union membership, physical/mental health

condition, sexual life, criminal records

No Yes


Do/will you keep personal financial data/reports on financially sensitive

subjectsExamples: bank and salary details

No Yes


Do you keep sensitive information on individuals?

Examples: interview transcripts, databases of individual information

No Yes


Do you need to share data with academic partners?

No Yes


Do you use SharePoint?

No Yes


Have you or the site owner received SharePoint training?

No Yes


Continue

Check that the permissions on your site are accurate and that

all data is appropriate

For more information click here


http://www.lse.ac.uk/intranet/LSEServices/IMThttp:/www.lse.ac.uk/intranet/LSEServices/IMT/facilities/sharepoint/FAQs.aspx#permissions


Continue

Contact IMT now for appropriate training

options



Continue

Email IMT for advice now.






Are you in the end-of-project phase?

No Yes


Continue

Email theData Librarian

for advice.





Is the information held on paper?

No Yes


Continue

Keep it in a lockable cabinet.



Thank you for completing the Information Security decision-making tool.

Email IMT if you have any further queries or concerns or if there is anything else you think we should include in this tool.

Finish





Continue

Access control systems are in place to protect the interests of all authorised users of LSE IT systems by providing a safe, secure and accessible environment in which to work.

Access rights will be accorded following the principles of least privilege and need to know.

Access to LSE IT resources and services will be given through the provision of a unique user account and complex password.

For further reading, click this link.

http://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/school/accConPol.pdf





Continue

Encryption is a way of encoding information so that it cannot be read without the appropriate key to decode it. It is a way of rendering files, volumes or hard disks extremely secure.

Encryption should be used to secure data that are in transit or else are accessed and held outside LSE systems, for instance on a home workstation, or on devices that are easy to steal or lose (suchas laptops, tablets etc).

http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/documents/Guidelines-Encryption-Guidelines-v1-1.pdf





Continue

Cloud storage is effectively disk space made available by third parties over the internet but are not supported at the LSE. There are many providers of this type of storage but we are going to focus here on Dropbox as an example.

We would advise against putting anything into Dropbox that would contain very sensitive information, such as School financial data or datasets that contained the name, address, ethnicity and passport numbers of individuals. This includes information the School classifies as ‘Secret’. Data classed as ‘Secret’ or ‘Confidential’ should be carefully assessed by the owner for the risk of reputational and financial damage if it leaked before putting it in Dropbox.

For further reading please click this link.

http://www.lse.ac.uk/intranet/LSEServices/IMT/guides/softwareGuides/other/usingDropboxCloudStorageServices.aspx





Continue

USB or similar storage devices are easily lost or stolen, putting any data they contain at great risk of being accidentally or deliberately exposed. The loss of confidential or sensitive personal data on a USB storage device could result in LSE:

• being fined by the Information Commissioner's Office• suffering reputational damage• causing distress to those whose data has been lost• losing valuable research contracts

For further reading please click the link below

http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/usingUsbStorageDevices.aspx





Continue

Email IMT for advice now

Continue to finish or press Home to go back to the beginning.




information security decision- making tool what kind of data do i have and how do i protect it...

Documents