Your SlideShare is downloading. ×
Lesson 4   protection of information
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Lesson 4 protection of information

63
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
63
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security, Protection of Data, Information & Passwords COMP2071
  • 2. Protection Of Data Company Data: • Data that belongs to the company. Financial Statements, etc. Employee Data: • Data that belongs to the employee. Employee evaluations, personal emails, etc. Customer Data: • Data that is confidential in nature towards a customer. SIN number, phone numbers, etc.
  • 3. Protection Of Data • As the helpdesk analyst it is your job to assist in the protection of data at all levels • You may be providing services that help other employees protect data or you may be the intermediary of the data • No matter which type of data it is you need to understand your role is to not just provide data for no reason and without approval • Don’t ever give out data or personal details to anyone but the owner
  • 4. Protection Of Data • For example, if a manager requests access to an employees data you would need to specify what data (email, documents, etc.), then you would request the written approval of the manager of the requestor • To truly cover all issues with granting access you may also be asked to get approval from the head of HR as well • From there you may have to send your ticket to an Nth dept. or you may be able to grant access through the tools in the helpdesk
  • 5. Protection of Information • Everything we talked towards rings true for protecting information as well • The main thing to remember here, don’t give out any information that is not readily accessible to an employee already • On the other side, don’t give out internal company information to any sales agents, vendors, or telemarketers that may call the helpdesk as well • If in doubt, transfer the call to your second level or team lead
  • 6. Passwords • Passwords are very important to keep confidential • If another employee got your password they could logon as you and do illegal things such as fraud or even just watch porn which is grounds enough to be fired in some companies • The users are asked to protect their password and it is their responsibility to do so • That being said, users often will give their password to helpdesk staff as there is a feeling of “trust” there • You as the helpdesk analyst will need to know that you should never know or ask a user for their password
  • 7. Passwords • If users give their passwords to you or you reset a password without verifying the user, this can mean an audit failure for the whole helpdesk department which means your job will be on the line • Most enterprise helpdesks will have some sort of mechanism and policy in place to verify a user for a password reset • This can include secret questions, a users employee number, etc. • You should never give a password through email • And final note, a new password should always be set to expire
  • 8. Encryption • Most enterprises will have some sort of encryption built into their architecture • Some types of encryption you may support on the helpdesk is: – Encryption of data on a desktop or laptop especially. Here the data would decrypt when the user logs in successfully – USB encryption, where a user’s thumb drive would be encrypted when it plugs into a company device – Encrypted email transmission – Blackberry or other company held devices
  • 9. Encryption • Some key things to remember when supporting encryption are: – Most of the time the files will be flagged by a word or the colour green – Before you make a copy of a file you must decrypt it first, this is important if backing up a users data before a reimage – Users may put their own personal devices into the network, thus encrypting their personal device. There is no reversing it so you would work with the user to get the data off and they could reformat it at home – Email sent out with encryption is usually easier to get back after it is sent, this can be useful
  • 10. Lost or Stolen Devices • You may run into an instance where a user has lost a device or has been stolen • In these cases, there is usually a process around this which could include some of the following items: – Remotely wiping a device (if possible) using tools on the helpdesk – Reporting the loss to information security – Ordering new devices • Users will always call the helpdesk for everything so be prepared to assist on all levels
  • 11. Hand-held devices As an extra bit of learning some tools…. • You may also need to help people with the password to their handheld devices, or just access to email on their devices • The email team has the ability to send out scripts to devices to try and resolve some of these issues but if the user has already begun tinkering with them and set strange passwords on them these scripts often fail • Another interesting thing IT does is the policies on the devices, we will look at some
  • 12. Hand-held devices • A pretty cool tool Blackberry offers is a Blackberry simulator • For this example you can run the one that’s on Blackboard • Let’s work through this together…..