Computer Security Training for New DOL Users - OSHA Extranet

Computer Security Training
for New DOL Users

Department of Labor - OSHA
New Employee Orientation

Why Are We Here?

  • Computer Security Act of 1987
  • Office of Personnel Management (OPM) regulations
  • Office of Management and Budget Circular A-130, Appendix III
  • Federal Information Security Management Act (FISMA)

What's on the Agenda?

  • Employee Acceptance at Login
  • Appropriate Use of DOL IT resources
  • Password Protection
  • DOL IT Resource Protection
  • Worms and viruses
  • Visitors and other distractions

I agreed to what?!

Person holding their head in their hands
  • All information belongs to DOL
    • May be monitored, intercepted, recorded, read, copied or captured by authorized personnel and given to law enforcement officials if potential evidence of crime
  • Use = Consent
    • There is no expectation of privacy
  • Users are responsible for data, equipment and resources

Appropriate Use of DOL IT Resources

Illustration of worker talking on a phone
  • You may use your DOL computer for personal use if:
    • Use does not result in loss of productivity or interfere with official duties
    • Occurs during non-work time
    • Incurs only negligible expense
      • Charges or supplies
      • Equipment wear and tear
      • Data storage

What can't I do?

Illustration of worker with a question mark near their head
  • Congest, delay or disrupt system services
  • Use to gain unauthorized access to other systems
  • Send unauthorized mass mailings
  • Conduct illegal activities (I.e. Gambling)
  • Access/transmit sexually explicit or oriented materials
  • Use for commercial or "for profit" activities
  • Raise funds, endorse products or services
  • Lobby or conduct prohibited partisan political activities
  • Visit chat rooms, auctions
  • Peer-to-Peer file sharing : establish connections between two user's workstation for the purpose of sharing files directly or through a mediating server
  • Install malicious or personal software or games

Passwords are Important!

Illustration of one person talking to another
  • Never share or write down your password
  • Use strong passwords
    • Three of these 4 characteristics:
      • Upper case, lower case, numbers, symbols
    • No dictionary words, names, number series
  • Change your password
    • Regularly - whether required or not
    • If compromised/exposed

Protect Your System

Illustration of a malicious person at a computer
  • Malicious programs - viruses, worms, etc.
    • No unauthorized software or downloads
    • Download to a diskette and scan before using
    • Scan diskettes from others, home
    • Be sure anti-virus software is up-to-date
    • Be alert to e-mail/attachments
  • Report any irregularities to:
    • Helpdesk or Agency Security Officer

Protect Your Data

  • Regular system back-ups
    • All files not in use
  • Back up important files
    • Lock the media away securely
  • Printed/faxed documents
    • Pick up promptly
    • Store sensitive documents securely
    • Destroy properly

The Unattended Workstation

Illustration of a computer
  • You can be held responsible for:
    • Actions taken in your name
    • Information accessed via your account
  • Always log off at night
  • If taking a break
    • Log off
    • Lock the workstation
    • Use a password-protected screensaver

Taking it on the road...

Illustration of worker using a computer in a lawn chair
  • Laptop is attractive, valuable equipment
    • Keep it with you at all times
    • Use anti-theft cables
  • Portable data is attractive, too
    • Encrypt sensitive files
    • Lock files

Safe at the Office...

Illustration of worker at a computer
  • No spills, no thrills
    • Keep food and drinks away from PC, keyboard, mouse, printers
    • Keep magnets away from CPU, diskettes
  • Locate computer equipment...
    • Away from heavy traffic
    • Away from windows and air conditioners

Visitors and Other Distractions

Illustration of a repair worker at a computer
  • Question unescorted visitors
    • Be aware of their actions
  • Confirm identity of repair and maintenance personnel
  • Check with your supervisor before allowing equipment removal
  • Don't leave sensitive material on voice mail or e-mail

Useful Information

Additional Reading Materials

Acknowledgement

Thank you for viewing Computer Security Training for New DOL Users. Please click the I Agree button in the registration process to activate your Extranet Account.