information security decision- making tool what kind of data do i have and how do i protect it...
TRANSCRIPT
Information Security decision making tool 1
Information Security Decision-Making Tool
What kind of data do I have and how do I protect it appropriately?
Continue
Information Security decision making tool 2
Choose the menu option which best describes how you are working with LSE Information. You may use this several times for
different aspects of your work
HR or other confidential records Financial records
Other types of work with LSE information
Research Exam information
Information Security decision making tool 3
Do you keep HR records on other people or yourself?
Including our own career development review or documents
No Yes
Information Security decision making tool 4
Continue
This information is confidential
Continue to find out more…
Information Security decision making tool 5
Do you keep sensitive information on individuals?
Excluding contact details for colleagues that is freely given
No Yes
Information Security decision making tool 6
Do you keep sensitive information on exams?
Including papers, results, discussions about questions or candidates
No Yes
Information Security decision making tool 7
Do you keep financial records?Excluding published company accounts that are in the
public domain
No Yes
Information Security decision making tool 8
Is the information held on paper?
No Yes
Information Security decision making tool 9
Continue
Keep it in a lockable cabinet
Continue to find out more…
Information Security decision making tool 10
Do you protect electronic information with MS Office
passwords?
No Yes
Information Security decision making tool 11
Continue
Your information is not secure enough
with this alone.
Continue to find out more…
Information Security decision making tool 12
Do you keep it on H space or a shared drive with appropriate
folder permissions?
No YesDon’t Know
Information Security decision making tool 13
Continue
GoodClick here for more information
Continue to finish this session or Home to go back to the beginning
Information Security decision making tool 14
Do you protect it with file encryption?
No Yes
Information Security decision making tool 15
Continue
Good
Click here for more information
Continue to finish this session or Home to go back to the beginning
Information Security decision making tool 16
Where do you keep the electronic data and reports you work on?
No Yes On H space or a shared drive or SharePoint only?
Information Security decision making tool 17
Where do you keep the electronic data and reports you work on?
On Local drive, Laptop, tablet, smart phone or other device? YesNo
Information Security decision making tool 18
Continue
Using these drives should keep your information secure but check
folder and file permissions to make sure the ‘need to know’
principle is applied.
Click here for more information
Information on shared drives is backed-up at least once a day.
Continue to find out more…
Information Security decision making tool 19
Your information is at risk. If you can share it with your team put it on a shared drive to keep it secure and
check folder and file permissions to make sure the ‘need to know’ principle
is applied. Click here for more information
If your info cannot be shared email IMT for advice now
Continue to finish this session or Home to go back to the beginning
Continue
Information Security decision making tool 20
Do you use a database or spreadsheet to record
information?
No Yes
Information Security decision making tool 21
Do you ever work away from your desk?
No Yes
Information Security decision making tool 22
Where do you keep the files you access remotely?
No YesOn H space or shared drive or SharePoint only?
Information Security decision making tool 23
Continue
Using these drives should keep your information secure but
check folder and file permissions to make sure the ‘need to know’
principle is applied.
Click here for more information
Information on shared drives is backed-up at least once a day.
Continue to find out more…
Information Security decision making tool 24
Where do you keep the files you access remotely?
Dropbox, Google Docs, One Drive or other cloud based storage?
YesNo
Information Security decision making tool 25
Where do you keep the files you access remotely?
Memory stick, CD, DVD, Floppy disk or other storage media?
YesNo
Information Security decision making tool 26
Continue
Your information could be at risk.
Click here for more information
If you can share it with your team put it on a shared drive to keep it
secure. If your info cannot be shared,
email IMT for advice now.
Continue to find out more…
Information Security decision making tool 27
Continue
Your information could be at risk. Click here for more information
If you can share it with your team put it on a shared drive to keep it
secure. If your info cannot be shared,
email IMT for advice now.
Continue to finish this session or Home to go back to the beginning
Information Security decision making tool 28
Is your data sensitive or confidential?
No Yes
Information Security decision making tool 29
Have you signed a funding contract?
No Yes
Information Security decision making tool 30
Is the LSE the project lead?
No Yes
Information Security decision making tool 31
Continue
Follow the project lead’s guidelines on securing information.
Click Finish
If you need advice to comply with guidelines, email IMT or the Data Librarian. Click Finish
If no guidelines are available Continue to find out more…
Finish
Information Security decision making tool 32
Does your research contract specify information security requirements?
No Yes
Information Security decision making tool 33
Can you meet the security requirements?
No YesDon’t Know
Information Security decision making tool 34
Continue
Comply with the contract.
Continue to find out more…
Information Security decision making tool 35
Continue
Email IMT or the Data Librarian
for advice.
Continue to finish this session or Home to go back to the
beginning
Information Security decision making tool 36
Do/will you keep sensitive personal data?
Examples: racial/ethnic origin, political opinion, religious beliefs, trade union membership, physical/mental health
condition, sexual life, criminal records
No Yes
Information Security decision making tool 37
Do/will you keep personal financial data/reports on financially sensitive
subjectsExamples: bank and salary details
No Yes
Information Security decision making tool 38
Do you keep sensitive information on individuals?
Examples: interview transcripts, databases of individual information
No Yes
Information Security decision making tool 39
Do you need to share data with academic partners?
No Yes
Information Security decision making tool 40
Do you use SharePoint?
No Yes
Information Security decision making tool 41
Have you or the site owner received SharePoint training?
No Yes
Information Security decision making tool 42
Continue
Check that the permissions on your site are accurate and that
all data is appropriate
For more information click here
Continue to find out more…
Information Security decision making tool 43
Continue
Contact IMT now for appropriate training
options
Continue to find out more…
Information Security decision making tool 44
Continue
Email IMT for advice now.
Continue to find out more…
Information Security decision making tool 45
Are you in the end-of-project phase?
No Yes
Information Security decision making tool 46
Continue
Email theData Librarian
for advice.
Continue to find out more…
Information Security decision making tool 47
Is the information held on paper?
No Yes
Information Security decision making tool 48
Continue
Keep it in a lockable cabinet.
Continue to find out more…
Information Security decision making tool 49
Thank you for completing the Information Security decision-making tool.
Email IMT if you have any further queries or concerns or if there is anything else you think we should include in this tool.
Finish
Information Security decision making tool 50
Continue
Access control systems are in place to protect the interests of all authorised users of LSE IT systems by providing a safe, secure and accessible environment in which to work.
Access rights will be accorded following the principles of least privilege and need to know.
Access to LSE IT resources and services will be given through the provision of a unique user account and complex password.
For further reading, click this link.
http://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/school/accConPol.pdf
Information Security decision making tool 51
Continue
Encryption is a way of encoding information so that it cannot be read without the appropriate key to decode it. It is a way of rendering files, volumes or hard disks extremely secure.
Encryption should be used to secure data that are in transit or else are accessed and held outside LSE systems, for instance on a home workstation, or on devices that are easy to steal or lose (suchas laptops, tablets etc).
http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/documents/Guidelines-Encryption-Guidelines-v1-1.pdf
Information Security decision making tool 52
Continue
Cloud storage is effectively disk space made available by third parties over the internet but are not supported at the LSE. There are many providers of this type of storage but we are going to focus here on Dropbox as an example.
We would advise against putting anything into Dropbox that would contain very sensitive information, such as School financial data or datasets that contained the name, address, ethnicity and passport numbers of individuals. This includes information the School classifies as ‘Secret’. Data classed as ‘Secret’ or ‘Confidential’ should be carefully assessed by the owner for the risk of reputational and financial damage if it leaked before putting it in Dropbox.
For further reading please click this link.
http://www.lse.ac.uk/intranet/LSEServices/IMT/guides/softwareGuides/other/usingDropboxCloudStorageServices.aspx
Information Security decision making tool 53
Continue
USB or similar storage devices are easily lost or stolen, putting any data they contain at great risk of being accidentally or deliberately exposed. The loss of confidential or sensitive personal data on a USB storage device could result in LSE:
• being fined by the Information Commissioner's Office• suffering reputational damage• causing distress to those whose data has been lost• losing valuable research contracts
For further reading please click the link below
http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/usingUsbStorageDevices.aspx
Information Security decision making tool 54
Continue
Email IMT for advice now
Continue to finish or press Home to go back to the beginning.