Secure Networks by zhangyun


									New Data Regulation Law
         201 CMR 17.00
TJX   Video
   Secure Access control measures

   Secure user authentication protocols

   Monitoring for unauthorized access

   Encrypt PI that is or would be transmitted

Minimum Requirements
   Encryption of all PI on portable media
    ◦ Laptop
    ◦ Smartphones
    ◦ PDA’s

   Up to date Firewall and Security Patch Protection

   Up to date security agent software
    ◦ Virus Protection
    ◦ Malware

   Employee Training

Minimum Requirements
   Create a policy that encompasses the entire
    organization – develop a Security Policy to
    Safeguard PI

   Identify existing PI

   Advise senior management if current
    technology places PI at risk

   Define rules for protecting PI that covers
    both paper and electronic records
   Ensure all Employees that have access to PI
    records are trained in safeguarding

   Ongoing training through workplaces posters and

   Signed polices provide audit trail

   IT policies are important too..

   Your login credentials are the “keys to the

   Store Hardcopies
    ◦ Restrict Access
    ◦ Monitor Access
    ◦ Establish “Location” Policy

   Scan Hardcopies
    ◦   Store Electronically
    ◦   Restrict Access
    ◦   Monitor Access
    ◦   Shred Hardcopies

Safeguards for PI
   Encrypt all Laptops entire hard disk drive,
    PDA’s memory, and Smartphone's that
    hold PI against loss or theft
    ◦ PI data is unreadable even if disk drive is
      moved to another Laptop

    ◦ Unlocking disk encryption requires proper
      username and password, or more

   Or Encrypt PI files stored on Mobile

Safeguards for PI
   PI data stored on Portable Media (ex. DVD
    or USB drives) must be encrypted

   Recommendation: Use software that
    encrypts any data stored on Portable
    Media, or has Port Control to prevent
    users from copying to Portable Media

   All Backup Tapes or External Hard Drives
    software must be encrypted.

Safeguards for PI
   If PI is sent across a wireless network, it
    MUST be encrypted

   Patch Management must be up to date

   Up to date Anti Virus

   Companies Firewall is to be up to date

   Wireless encrypted with security access

Safeguards for PI
   E-mails containing PI must be encrypted if
    sent via the internet.

   E-mail “Content Filtering” electronically
    searches the body of the e-mail and
    attachments for PI

   E-mails with PI will be automatically
    encrypted before traveling over the

Safeguards for PI
 For Third Party Vendors, you should obtain written
  certification of compliance with MA Privacy
  Regulations from business partners you share PI data
    ◦ IT Companies
    ◦ Payroll Company
    ◦ Benefit Companies
        401(k)
        Life Insurance
        Insurance
 Caution: E-mail communications with these parties
  frequently involve PI data – ensure those e-mails are

Safeguards for PI
   Survey employees for other resting spots
    for PI data (ex: unlocked filing cabinets,
    portable media, briefcases at homes, etc.
     ◦ USB Flash Drives
     ◦ DVD
     ◦ CD

Safeguards for PI
   Terminating Employee’s
    ◦ Disable User right away
    ◦ Redirect E-mail to another user
    ◦ Remove Remote Access
    ◦ Don’t allow ex employee near PI

Safeguards for PI
   Thumb drive has info from the state


   Free trail version of Safe House



To top