SlideShare a Scribd company logo

Example of Security Awareness Training -- Department of Aging

David Sweigert
David Sweigert

Posted as a courtesy by: Dave Sweigert CISA CISSP PMP

Health & Medicine
1 of 26
CCALIFORNIAALIFORNIA AAGINGGING DDEPARTMENT OFEPARTMENT OF The CDA Information Security OfficeThe CDA Information Security Office Presents…Presents… California Department of Aging (CDA), 1300 National Drive, Suite 200, Sacramento, CA 95834California Department of Aging (CDA), 1300 National Drive, Suite 200, Sacramento, CA 95834 www.aging.ca.govwww.aging.ca.gov Revised December 2007 Security Awareness TrainingSecurity Awareness Training
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureReference/PolicyReference/Policy  CA Public Records Act - Government Code §6250  CA Information Practices Act - Civil Code §1798 et seq  California Computer Fraud Act - Penal Code §502  State Agency Privacy Policies - Government Code §11019.9  State Administrative Manual, Management Memo, MM 06-12  CA Department of Finance, Budget Letter, 05-08  Office of Management and Budget, M-07-16 Security Awareness Training References Page 1
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureReference/PolicyReference/Policy To enable CDA Affiliates to: Understand information security responsibilities and the consequences of infractions, and Integrate information security practices into daily work. Page 2
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureReference/PolicyReference/Policy All CDA Affiliates must complete security awareness training annually by viewing this presentation within the timeframe and terms specified in the Affiliate’s contract with CDA. CDA Security Awareness Training Policy Page 3
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureTerms & AcronymsTerms & Acronyms Who are CDA Affiliates?  CONTRACTORS: Area Agencies on Aging, Counties, Cities, Private Non-profit Agencies, etc. receiving funding from CDA.  VENDORS: Businesses providing goods/services directly to CDA and/or CDA contractors receiving funding from CDA.  SUBCONTRACTORS: Contractors providing goods/services to CDA contractors receiving funding from CDA.  STAFF: Employees and volunteers of CDA contractors and subcontractors. Page 4 This training module is designed for you if you are staff of a CDA Affiliate and you access, collect or store information for CDA.
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureTerms & AcronymsTerms & Acronyms Terms and Acronyms This training module’s underlined terms display a definition by holding your cursor over the word. Access Obtain and/or use CDA information assets. Affiliates CDA contractors, vendors, subcontractors, volunteers, and their staff. CA California CDA California Department of Aging Data Subject An individual to whom personal data relates e.g. program clients. Disclosure Releasing protected information. Information Assets (1) All categories of information, including (but not limited to) records, files, and data bases; and (2) information technology facilities, equipment (e.g. personal computers, laptops, PDAs), and software owned or leased by state agencies. PDA Personal Digital Assistant PRA California Public Records Act Redact Remove confidential, sensitive, or personal information from an information asset. Security Incident Instances when information assets are modified, destroyed, disclosed, lost, stolen or accessed without proper authorization. Third Party Authorized legal representative, relative or friend, business associate, financial company or business authorized by the data subject. Page 5
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities As a CDA Affiliate, you are responsible for adopting operational policies, procedures, and practices to protect CDA information assets. Page 6
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities CDA Information Assets include (but are not limited to):  Information collected and/or accessed in the administration of CDA programs and services.  Information stored in any media form, paper or electronic. Page 7
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities  DO NOT MAKE COPIES (photocopies, scans, photo images, etc.) of CDA’s confidential, sensitive and/or personal information for personal use.  DO NOT REMOVE confidential and/or sensitive information from the work premises without authorization.  DO NOT MODIFY OR DESTROY confidential and/or sensitive information without authorization. You may access CDA information assets for work-related purposes only. Page 8
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities Information assets are often stored using:  Personal computers,  Laptops,  Office and workstation file drawers, and  Portable devices such as: thumb drives, discs, PDAs, etc. Page 9
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification 1. Assign appropriate protection levels, 2. Apply standard information handling practices, and 3. Adhere to disclosure policies. Information assets must be classifiedmust be classified. ClassifyClassifying information enables you to: Page 10
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification As a CDA Affiliate, you work with information assets classified as:  Public,  Confidential,  Sensitive, and/or  Personal. Page 11
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition The California Public Records Act (PRA) defines public records as information relating to the conduct of the public’s business that is prepared, collected, or maintained by, or on behalf of, State agencies. There are certain statutory exemptions and privileges that allow agencies to withhold specific information from disclosure. Examples Correspondence, program memos, bulletins, e-mails, and organization charts. Portions of a public record may include sensitive or personal information. Disclosure Disclosure is required; however, all confidential or personal information must be redacted or blacked-out prior to disclosure. No identification from the requester is required. Page 12
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition Information maintained, collected, accessed, or stored by a State agency or its Contractors/Vendors that is exempt from disclosure under the provisions of the PRA or other applicable State or federal laws. Examples Medical information, Medi-Cal provider and beneficiary personal identifiers, Treatment Authorization Requests (TARs), personnel records, social security numbers, legal opinions, and proprietary Information Technology (IT) information. Disclosure Disclosure is allowed to:  individuals to whom the information pertains or an authorized legal representative upon his/her request (proper identification required);  third parties with written consent from the Individual to whom the information pertains or an authorized legal representative;  public agencies for the purpose of administering the program as authorized by law;  fiscal intermediaries for payment for services; and  government oversight agencies. Page 13
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition Information maintained, collected, accessed, or stored by State agencies or their Contractors/Vendors that may not be considered confidential pursuant to law but still requires special precautions to protect it from unauthorized access, use, disclosure, loss, modification or deletion. Examples Policy drafts, system operating manuals, network diagrams, contractual information, records of financial transactions, etc. Disclosure Disclosure is allowed to:  individuals to whom the information pertains or an authorized legal representative upon his/her request;  third parties with written consent from the individual to whom the information pertains or an authorized legal representative;  public agencies for the purpose of administering the program as authorized by law;  fiscal intermediaries for payment for services; and  government oversight agencies. Page 14
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition Information which identifies or describes an individual that is maintained, collected, accessed, or stored by a State agency or its Contractors/Vendors. Examples Examples include name, social security number, home address and home phone number, driver’s license number, medical history, etc. Disclosure Disclosure is allowed to:  individuals to whom the information pertains or an authorized legal representative upon his/her request (Note that an individual has a right to see, dispute, and correct his or her own personal information);  third parties with written consent from the individual to whom the information pertains or an authorized legal representative;  public agencies for the purpose of administering the program as authorized by law;  fiscal intermediaries for payment for services; and  government oversight agencies. Page 15
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Written consent to access or release an individual’s personal information must include:  Signature of the individual to whom the information pertains or an authorized legal representative;  Date signed; and  Description of the records that the individual agrees to release. Page 16
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Disclosure Verification Guide Classification Request Verification Public In person, by mail, e-mail, fax or telephone No identification required. Confidential, Sensitive, and/or Personal In person Photo identification. (Examples: driver’s license, government identification, passport, etc.) By mail, e-mail, or fax Written consent by the data subject or an authorized legal representative and requester’s photo identification. Page 17
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Classification Disclosure Policy Public Disclosure is allowed. All sensitive, confidential, or personal information must be redacted. Notify the requester in writing when the information is not readily available. Confidential, Sensitive, and/or Personal Disclosure is only allowed to:  verified data subjects or an authorized legal representative upon his/her request,  third parties with written consent from the data subject/an authorized legal representative,  public agencies as permitted by law. Page 18
Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure When you follow proper information disclosure policies, you protect CDA information assets and avoid security incidents. Page 19
Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Liability/SanctionsLiability/Sanctions CertificateCertificateIncident ReportingIncident Reporting How do you report a security incident? Complete and submit a Security Incident Report (CDA 1025) form to the CDA Information Security Officer within five (5) business days of date the incident occurred or was detected. Page 20 What is a security incident? A security incident occurs when information assets are modified, destroyed, disclosed, lost, stolen or accessed without proper authorization. What should you do in case of a security incident? Report all incidents to the CDA Program Manager and/or the CDA Affiliate immediately upon occurrence or detection.
Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions You may be sanctioned and/or held personally liable for the loss or unauthorized access, use, modification, destruction, or disclosure of CDA information assets. Page 21
Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions CDA Affiliates may be sanctioned and/or held liable for the loss or unauthorized access, use, modification, destruction, or disclosure of CDA information assets. Page 22
Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions You may be liable or sanctioned for:  a security incident, or  failure to report an incident. The following liabilities/sanctions may apply:  Administrative (e.g. contract termination, personnel action)  Criminal prosecution  Civil liability Page 23
Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions You have successfully completed CDA Security Awareness Training. 1. Click “Print” in the lower right-hand corner of the next slide, and 2. Complete the certificate on the next slide and keep a copy on file with your employer. Thank you for your cooperation! Page 24
Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate California Department of Aging (CDA) Security Awareness Training Certificate of Completion PRINT NAME: _____________________ Company/Agency: _______________________ This document certifies that the above mentioned individual read and understood his or her responsibility for protecting CDA information assets. Date Training Completed: _____________________ CDA requires Affiliates to complete this training annually during the term of their contract with CDA. Training sponsored by the CDA Print

Recommended

2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
DMEBillingServicesbySunKnowledgeSep_14_2016
DMEBillingServicesbySunKnowledgeSep_14_2016DMEBillingServicesbySunKnowledgeSep_14_2016
DMEBillingServicesbySunKnowledgeSep_14_2016Sammya Sen
 
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...David Sweigert
 
Cyber Threats that impact the US Energy Infrastructure
Cyber Threats that impact the US Energy InfrastructureCyber Threats that impact the US Energy Infrastructure
Cyber Threats that impact the US Energy InfrastructureDavid Sweigert
 
Cyber war netwar and the future of cyberdefense
Cyber war netwar and the future of cyberdefense Cyber war netwar and the future of cyberdefense
Cyber war netwar and the future of cyberdefense David Sweigert
 
Disaster Recovery planning within HIPAA framework
Disaster Recovery planning within HIPAA frameworkDisaster Recovery planning within HIPAA framework
Disaster Recovery planning within HIPAA frameworkDavid Sweigert
 
Wireless Disassociation and Deauthentication Attacks
Wireless Disassociation and Deauthentication AttacksWireless Disassociation and Deauthentication Attacks
Wireless Disassociation and Deauthentication AttacksDavid Sweigert
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 

Recommended

2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
DMEBillingServicesbySunKnowledgeSep_14_2016
DMEBillingServicesbySunKnowledgeSep_14_2016DMEBillingServicesbySunKnowledgeSep_14_2016
DMEBillingServicesbySunKnowledgeSep_14_2016Sammya Sen
 
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...David Sweigert
 
Cyber Threats that impact the US Energy Infrastructure
Cyber Threats that impact the US Energy InfrastructureCyber Threats that impact the US Energy Infrastructure
Cyber Threats that impact the US Energy InfrastructureDavid Sweigert
 
Cyber war netwar and the future of cyberdefense
Cyber war netwar and the future of cyberdefense Cyber war netwar and the future of cyberdefense
Cyber war netwar and the future of cyberdefense David Sweigert
 
Disaster Recovery planning within HIPAA framework
Disaster Recovery planning within HIPAA frameworkDisaster Recovery planning within HIPAA framework
Disaster Recovery planning within HIPAA frameworkDavid Sweigert
 
Wireless Disassociation and Deauthentication Attacks
Wireless Disassociation and Deauthentication AttacksWireless Disassociation and Deauthentication Attacks
Wireless Disassociation and Deauthentication AttacksDavid Sweigert
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 
Psychology of the Insider Threat
Psychology of the Insider ThreatPsychology of the Insider Threat
Psychology of the Insider ThreatDavid Sweigert
 
FBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareFBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareDavid Sweigert
 
Use of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysisUse of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysisDavid Sweigert
 
Emergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingEmergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingDavid Sweigert
 
Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017David Sweigert
 
TDL3 Rootkit Background
TDL3 Rootkit BackgroundTDL3 Rootkit Background
TDL3 Rootkit BackgroundDavid Sweigert
 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3David Sweigert
 
Handbook for Cyber Incident Response
Handbook for Cyber Incident ResponseHandbook for Cyber Incident Response
Handbook for Cyber Incident ResponseDavid Sweigert
 
Overview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacksOverview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacksDavid Sweigert
 
Healthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPRHealthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPRDavid Sweigert
 
Russian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting InfrastructureRussian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting InfrastructureDavid Sweigert
 
Developing Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to RecoveryDeveloping Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to RecoveryDavid Sweigert
 
Cyber Essentials Requirements for UK Government
Cyber Essentials Requirements for UK GovernmentCyber Essentials Requirements for UK Government
Cyber Essentials Requirements for UK GovernmentDavid Sweigert
 
HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRDavid Sweigert
 
Use of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional WarfareUse of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional WarfareDavid Sweigert
 
HIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit QuestionsHIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit QuestionsDavid Sweigert
 
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...Lincolnshire Hospital that was taken offline for four days due to a ransomwar...
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...David Sweigert
 
DRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDavid Sweigert
 
NIST Cloud Security Recommendations
NIST Cloud Security RecommendationsNIST Cloud Security Recommendations
NIST Cloud Security RecommendationsDavid Sweigert
 
First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...David Sweigert
 
Powerpoint mack jackson
Powerpoint mack jacksonPowerpoint mack jackson
Powerpoint mack jacksonaiimnevada
 
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdfCDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdfCarlos Roberto Paula Soares
 

More Related Content

Viewers also liked

Psychology of the Insider Threat
Psychology of the Insider ThreatPsychology of the Insider Threat
Psychology of the Insider ThreatDavid Sweigert
 
FBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareFBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareDavid Sweigert
 
Use of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysisUse of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysisDavid Sweigert
 
Emergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingEmergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingDavid Sweigert
 
Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017David Sweigert
 
TDL3 Rootkit Background
TDL3 Rootkit BackgroundTDL3 Rootkit Background
TDL3 Rootkit BackgroundDavid Sweigert
 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3David Sweigert
 
Handbook for Cyber Incident Response
Handbook for Cyber Incident ResponseHandbook for Cyber Incident Response
Handbook for Cyber Incident ResponseDavid Sweigert
 
Overview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacksOverview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacksDavid Sweigert
 
Healthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPRHealthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPRDavid Sweigert
 
Russian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting InfrastructureRussian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting InfrastructureDavid Sweigert
 
Developing Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to RecoveryDeveloping Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to RecoveryDavid Sweigert
 
Cyber Essentials Requirements for UK Government
Cyber Essentials Requirements for UK GovernmentCyber Essentials Requirements for UK Government
Cyber Essentials Requirements for UK GovernmentDavid Sweigert
 
HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRDavid Sweigert
 
Use of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional WarfareUse of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional WarfareDavid Sweigert
 
HIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit QuestionsHIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit QuestionsDavid Sweigert
 
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...Lincolnshire Hospital that was taken offline for four days due to a ransomwar...
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...David Sweigert
 
DRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDavid Sweigert
 
NIST Cloud Security Recommendations
NIST Cloud Security RecommendationsNIST Cloud Security Recommendations
NIST Cloud Security RecommendationsDavid Sweigert
 
First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...David Sweigert
 

Viewers also liked (20)

Psychology of the Insider Threat
Psychology of the Insider ThreatPsychology of the Insider Threat
Psychology of the Insider Threat
 
FBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareFBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from Ransomware
 
Use of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysisUse of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysis
 
Emergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingEmergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefing
 
Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017
 
TDL3 Rootkit Background
TDL3 Rootkit BackgroundTDL3 Rootkit Background
TDL3 Rootkit Background
 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3
 
Handbook for Cyber Incident Response
Handbook for Cyber Incident ResponseHandbook for Cyber Incident Response
Handbook for Cyber Incident Response
 
Overview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacksOverview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacks
 
Healthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPRHealthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPR
 
Russian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting InfrastructureRussian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting Infrastructure
 
Developing Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to RecoveryDeveloping Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to Recovery
 
Cyber Essentials Requirements for UK Government
Cyber Essentials Requirements for UK GovernmentCyber Essentials Requirements for UK Government
Cyber Essentials Requirements for UK Government
 
HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCR
 
Use of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional WarfareUse of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional Warfare
 
HIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit QuestionsHIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit Questions
 
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...Lincolnshire Hospital that was taken offline for four days due to a ransomwar...
Lincolnshire Hospital that was taken offline for four days due to a ransomwar...
 
DRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leaked
 
NIST Cloud Security Recommendations
NIST Cloud Security RecommendationsNIST Cloud Security Recommendations
NIST Cloud Security Recommendations
 
First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...
 

Similar to Example of Security Awareness Training -- Department of Aging

Powerpoint mack jackson
Powerpoint mack jacksonPowerpoint mack jackson
Powerpoint mack jacksonaiimnevada
 
FTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business PowerpointFTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business PowerpointBucacci Business Solutions
 
Tape vaulting audit and encryption usage analysis
Tape vaulting audit and encryption usage analysisTape vaulting audit and encryption usage analysis
Tape vaulting audit and encryption usage analysisThomas Bronack
 
Acc 675 control audit final project
Acc 675 control audit final projectAcc 675 control audit final project
Acc 675 control audit final projectKelly Giambra
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Legal challenges for big data companies
Legal challenges for big data companiesLegal challenges for big data companies
Legal challenges for big data companiesRoger Royse
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryHNI Risk Services
 
Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Lawguest8b10a3
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentDonald E. Hester
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 

Similar to Example of Security Awareness Training -- Department of Aging (20)

Powerpoint mack jackson
Powerpoint mack jacksonPowerpoint mack jackson
Powerpoint mack jackson
 
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdfCDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdf
 
FTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business PowerpointFTC Protecting Info A Guide For Business Powerpoint
FTC Protecting Info A Guide For Business Powerpoint
 
Responsible for information
Responsible for informationResponsible for information
Responsible for information
 
Tape vaulting audit and encryption usage analysis
Tape vaulting audit and encryption usage analysisTape vaulting audit and encryption usage analysis
Tape vaulting audit and encryption usage analysis
 
Acc 675 control audit final project
Acc 675 control audit final projectAcc 675 control audit final project
Acc 675 control audit final project
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
Information for Businesses - ca
Information for Businesses - caInformation for Businesses - ca
Information for Businesses - ca
 
Business Identity Theft Kit
Business Identity Theft KitBusiness Identity Theft Kit
Business Identity Theft Kit
 
Legal challenges for big data companies
Legal challenges for big data companiesLegal challenges for big data companies
Legal challenges for big data companies
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
 
Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Law
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
 
Breached! The First 48
Breached! The First 48Breached! The First 48
Breached! The First 48
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
 
May newsletter 2017
May newsletter 2017May newsletter 2017
May newsletter 2017
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisDavid Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterDavid Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner David Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityDavid Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartDavid Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentDavid Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTDavid Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackDavid Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTDavid Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionDavid Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanDavid Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSDavid Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 

Recently uploaded

Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment BookingHousewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Bookingnarwatsonia7
 
CALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls ServiceMiss joya
 
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls ServiceMiss joya
 
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls ServiceKesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Servicemakika9823
 
High Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service Jaipur
High Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service JaipurHigh Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service Jaipur
High Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service Jaipurparulsinha
 
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy GirlsCall Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girlsnehamumbai
 
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...narwatsonia7
 
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...narwatsonia7
 
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...Miss joya
 
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...Nehru place Escorts
 
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...Miss joya
 
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls ServiceCall Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Servicenarwatsonia7
 
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Deliverynehamumbai
 
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore EscortsCall Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escortsvidya singh
 
VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...
VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...
VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...narwatsonia7
 

Recently uploaded (20)

Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment BookingHousewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
 
CALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Baramati ( Pune) Girls Service
 
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
 
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
 
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
 
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls ServiceKesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
 
High Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service Jaipur
High Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service JaipurHigh Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service Jaipur
High Profile Call Girls Jaipur Vani 8445551418 Independent Escort Service Jaipur
 
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
 
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy GirlsCall Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
 
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
 
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
 
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
 
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
 
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
 
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls ServiceCall Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
 
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
sauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Service
sauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Servicesauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Service
sauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Service
 
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCREscort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
 
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore EscortsCall Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
 
VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...
VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...
VIP Call Girls Tirunelveli Aaradhya 8250192130 Independent Escort Service Tir...
 

Example of Security Awareness Training -- Department of Aging

  • 1. CCALIFORNIAALIFORNIA AAGINGGING DDEPARTMENT OFEPARTMENT OF The CDA Information Security OfficeThe CDA Information Security Office Presents…Presents… California Department of Aging (CDA), 1300 National Drive, Suite 200, Sacramento, CA 95834California Department of Aging (CDA), 1300 National Drive, Suite 200, Sacramento, CA 95834 www.aging.ca.govwww.aging.ca.gov Revised December 2007 Security Awareness TrainingSecurity Awareness Training
  • 2. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureReference/PolicyReference/Policy  CA Public Records Act - Government Code §6250  CA Information Practices Act - Civil Code §1798 et seq  California Computer Fraud Act - Penal Code §502  State Agency Privacy Policies - Government Code §11019.9  State Administrative Manual, Management Memo, MM 06-12  CA Department of Finance, Budget Letter, 05-08  Office of Management and Budget, M-07-16 Security Awareness Training References Page 1
  • 3. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureReference/PolicyReference/Policy To enable CDA Affiliates to: Understand information security responsibilities and the consequences of infractions, and Integrate information security practices into daily work. Page 2
  • 4. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureReference/PolicyReference/Policy All CDA Affiliates must complete security awareness training annually by viewing this presentation within the timeframe and terms specified in the Affiliate’s contract with CDA. CDA Security Awareness Training Policy Page 3
  • 5. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureTerms & AcronymsTerms & Acronyms Who are CDA Affiliates?  CONTRACTORS: Area Agencies on Aging, Counties, Cities, Private Non-profit Agencies, etc. receiving funding from CDA.  VENDORS: Businesses providing goods/services directly to CDA and/or CDA contractors receiving funding from CDA.  SUBCONTRACTORS: Contractors providing goods/services to CDA contractors receiving funding from CDA.  STAFF: Employees and volunteers of CDA contractors and subcontractors. Page 4 This training module is designed for you if you are staff of a CDA Affiliate and you access, collect or store information for CDA.
  • 6. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosureTerms & AcronymsTerms & Acronyms Terms and Acronyms This training module’s underlined terms display a definition by holding your cursor over the word. Access Obtain and/or use CDA information assets. Affiliates CDA contractors, vendors, subcontractors, volunteers, and their staff. CA California CDA California Department of Aging Data Subject An individual to whom personal data relates e.g. program clients. Disclosure Releasing protected information. Information Assets (1) All categories of information, including (but not limited to) records, files, and data bases; and (2) information technology facilities, equipment (e.g. personal computers, laptops, PDAs), and software owned or leased by state agencies. PDA Personal Digital Assistant PRA California Public Records Act Redact Remove confidential, sensitive, or personal information from an information asset. Security Incident Instances when information assets are modified, destroyed, disclosed, lost, stolen or accessed without proper authorization. Third Party Authorized legal representative, relative or friend, business associate, financial company or business authorized by the data subject. Page 5
  • 7. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities As a CDA Affiliate, you are responsible for adopting operational policies, procedures, and practices to protect CDA information assets. Page 6
  • 8. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities CDA Information Assets include (but are not limited to):  Information collected and/or accessed in the administration of CDA programs and services.  Information stored in any media form, paper or electronic. Page 7
  • 9. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities  DO NOT MAKE COPIES (photocopies, scans, photo images, etc.) of CDA’s confidential, sensitive and/or personal information for personal use.  DO NOT REMOVE confidential and/or sensitive information from the work premises without authorization.  DO NOT MODIFY OR DESTROY confidential and/or sensitive information without authorization. You may access CDA information assets for work-related purposes only. Page 8
  • 10. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ClassificationClassification DisclosureDisclosureResponsibilitiesResponsibilities Information assets are often stored using:  Personal computers,  Laptops,  Office and workstation file drawers, and  Portable devices such as: thumb drives, discs, PDAs, etc. Page 9
  • 11. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification 1. Assign appropriate protection levels, 2. Apply standard information handling practices, and 3. Adhere to disclosure policies. Information assets must be classifiedmust be classified. ClassifyClassifying information enables you to: Page 10
  • 12. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification As a CDA Affiliate, you work with information assets classified as:  Public,  Confidential,  Sensitive, and/or  Personal. Page 11
  • 13. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition The California Public Records Act (PRA) defines public records as information relating to the conduct of the public’s business that is prepared, collected, or maintained by, or on behalf of, State agencies. There are certain statutory exemptions and privileges that allow agencies to withhold specific information from disclosure. Examples Correspondence, program memos, bulletins, e-mails, and organization charts. Portions of a public record may include sensitive or personal information. Disclosure Disclosure is required; however, all confidential or personal information must be redacted or blacked-out prior to disclosure. No identification from the requester is required. Page 12
  • 14. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition Information maintained, collected, accessed, or stored by a State agency or its Contractors/Vendors that is exempt from disclosure under the provisions of the PRA or other applicable State or federal laws. Examples Medical information, Medi-Cal provider and beneficiary personal identifiers, Treatment Authorization Requests (TARs), personnel records, social security numbers, legal opinions, and proprietary Information Technology (IT) information. Disclosure Disclosure is allowed to:  individuals to whom the information pertains or an authorized legal representative upon his/her request (proper identification required);  third parties with written consent from the Individual to whom the information pertains or an authorized legal representative;  public agencies for the purpose of administering the program as authorized by law;  fiscal intermediaries for payment for services; and  government oversight agencies. Page 13
  • 15. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition Information maintained, collected, accessed, or stored by State agencies or their Contractors/Vendors that may not be considered confidential pursuant to law but still requires special precautions to protect it from unauthorized access, use, disclosure, loss, modification or deletion. Examples Policy drafts, system operating manuals, network diagrams, contractual information, records of financial transactions, etc. Disclosure Disclosure is allowed to:  individuals to whom the information pertains or an authorized legal representative upon his/her request;  third parties with written consent from the individual to whom the information pertains or an authorized legal representative;  public agencies for the purpose of administering the program as authorized by law;  fiscal intermediaries for payment for services; and  government oversight agencies. Page 14
  • 16. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms DisclosureDisclosureResponsibilitiesResponsibilities ClassificationClassification Definition Information which identifies or describes an individual that is maintained, collected, accessed, or stored by a State agency or its Contractors/Vendors. Examples Examples include name, social security number, home address and home phone number, driver’s license number, medical history, etc. Disclosure Disclosure is allowed to:  individuals to whom the information pertains or an authorized legal representative upon his/her request (Note that an individual has a right to see, dispute, and correct his or her own personal information);  third parties with written consent from the individual to whom the information pertains or an authorized legal representative;  public agencies for the purpose of administering the program as authorized by law;  fiscal intermediaries for payment for services; and  government oversight agencies. Page 15
  • 17. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Written consent to access or release an individual’s personal information must include:  Signature of the individual to whom the information pertains or an authorized legal representative;  Date signed; and  Description of the records that the individual agrees to release. Page 16
  • 18. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Disclosure Verification Guide Classification Request Verification Public In person, by mail, e-mail, fax or telephone No identification required. Confidential, Sensitive, and/or Personal In person Photo identification. (Examples: driver’s license, government identification, passport, etc.) By mail, e-mail, or fax Written consent by the data subject or an authorized legal representative and requester’s photo identification. Page 17
  • 19. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Classification Disclosure Policy Public Disclosure is allowed. All sensitive, confidential, or personal information must be redacted. Notify the requester in writing when the information is not readily available. Confidential, Sensitive, and/or Personal Disclosure is only allowed to:  verified data subjects or an authorized legal representative upon his/her request,  third parties with written consent from the data subject/an authorized legal representative,  public agencies as permitted by law. Page 18
  • 20. Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure When you follow proper information disclosure policies, you protect CDA information assets and avoid security incidents. Page 19
  • 21. Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Liability/SanctionsLiability/Sanctions CertificateCertificateIncident ReportingIncident Reporting How do you report a security incident? Complete and submit a Security Incident Report (CDA 1025) form to the CDA Information Security Officer within five (5) business days of date the incident occurred or was detected. Page 20 What is a security incident? A security incident occurs when information assets are modified, destroyed, disclosed, lost, stolen or accessed without proper authorization. What should you do in case of a security incident? Report all incidents to the CDA Program Manager and/or the CDA Affiliate immediately upon occurrence or detection.
  • 22. Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions You may be sanctioned and/or held personally liable for the loss or unauthorized access, use, modification, destruction, or disclosure of CDA information assets. Page 21
  • 23. Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions CDA Affiliates may be sanctioned and/or held liable for the loss or unauthorized access, use, modification, destruction, or disclosure of CDA information assets. Page 22
  • 24. Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions You may be liable or sanctioned for:  a security incident, or  failure to report an incident. The following liabilities/sanctions may apply:  Administrative (e.g. contract termination, personnel action)  Criminal prosecution  Civil liability Page 23
  • 25. Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting CertificateCertificateLiability/SanctionsLiability/Sanctions You have successfully completed CDA Security Awareness Training. 1. Click “Print” in the lower right-hand corner of the next slide, and 2. Complete the certificate on the next slide and keep a copy on file with your employer. Thank you for your cooperation! Page 24
  • 26. Reference/PolicyReference/Policy Terms & AcronymsTerms & Acronyms ResponsibilitiesResponsibilities ClassificationClassification DisclosureDisclosure Incident ReportingIncident Reporting Liability/SanctionsLiability/Sanctions CertificateCertificate California Department of Aging (CDA) Security Awareness Training Certificate of Completion PRINT NAME: _____________________ Company/Agency: _______________________ This document certifies that the above mentioned individual read and understood his or her responsibility for protecting CDA information assets. Date Training Completed: _____________________ CDA requires Affiliates to complete this training annually during the term of their contract with CDA. Training sponsored by the CDA Print