Information Security

Purpose

Our information security policies were created to help us protect:

Learning Material

Please carefully read (or re-read) our Information Security policies in our company handbook.

Read this HHS Letter about Phishing Attacks.

Read through the Risk Analysis in our company’s HIPAA procedure document. (Note that there is no need to read other sections.)

Exercises

To learn as much as possible from these exercises, we recommend that you write your response before revealing the provided answers.

Exercise 1

Confirm that your password meets our definition of a “secure password” and is not written down anywhere. If it doesn’t, change it so that it does. In particular, note that it must be unique. Furt

Exercise 2

Confirm that your email password meets our definition of a “secure password” and is not written down anywhere. If it doesn’t, change it so that it does. In particular, note that it must be unique.

Exercise 3

Confirm that your workstation requires a password, fingerprint, or facial recognition to unlock. If it doesn’t, set this up.

Exercise 4

Confirm that your workstation automatically locks after an hour of inactivity. If it doesn’t, set this up.

Exercise 5

What should you do if David emails asking for your 1Password master password, then you ping him in Slack, and he confirms that he wants it?

Provided Answer

Call Yujan and tell him that David’s email and Slack accounts have been hacked.

Exercise 6

Confirm that your hard drive is encrypted. If it isn’t, set this up.

Setup for macOS

You can read about FileVault here.

Exercise 7

Confirm that your workstation automatically checks for and installs security updates for your operating system. (Alternatively, you must develop a system that will remind you to manually apply security updates and produce a record that you did so once each quarter.)

Exercise 8

If you use SSH to access remote servers, confirm that you have a different SSH key for each workstation and that you have a passphrase for the SSH key.
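
One way to check the passphrase half of this exercise, as an added example that is not part of the original lesson: the script reads the header of each private key file and reports whether it is stored encrypted. The function names and the sample keys are assumptions made for illustration; the samples are constructed headers with no real key material. It does not check that each workstation has its own key.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format

def key_is_encrypted(text):
    """True/False for a private key; None if text is not a recognisable private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (ValueError, struct.error):
            return None
        if not blob.startswith(MAGIC):
            return None
        # The first length-prefixed field is the cipher name; "none" means no passphrase.
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    # Legacy PEM (RSA/EC/DSA) announces encryption in a header line.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def scan_ssh_dir(directory):
    """Map each private key file name to True (passphrase set) or False (none)."""
    results = {}
    for path in sorted(Path(directory).expanduser().iterdir()):
        if path.is_file() and path.suffix != ".pub":
            verdict = key_is_encrypted(path.read_text(errors="replace"))
            if verdict is not None:
                results[path.name] = verdict
    return results

def _sample_openssh(cipher, kdf):
    # Constructed sample: header fields only, not a usable key.
    body = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf))
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLE_PROTECTED = _sample_openssh(b"aes256-ctr", b"bcrypt")
SAMPLE_UNPROTECTED = _sample_openssh(b"none", b"none")
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    ssh_dir = Path("~/.ssh").expanduser()
    if ssh_dir.is_dir():
        for name, ok in scan_ssh_dir(ssh_dir).items():
            print(f"{name}: {'passphrase set' if ok else 'NO PASSPHRASE'}")
```

Any file reported as NO PASSPHRASE can be given one in place with `ssh-keygen -p -f <path to key>`.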

Exercise 9

Do you think any of our information policies are unnecessarily burdensome in general or for your situation?

Exercise 10

Do you think our risk analysis had any large gaps?

Exercise 11

Do you think our information policy has any inappropriately large gaps? (Note: there will always be gaps; it’s just a matter of whether the gaps are too big.)

Continuous Lesson Improvement

Open the lesson page in the GitHub editor.

Remove any exercises or learning material that are not useful to the intended audience. Find ways to shorten and clarify the writing. Add generally useful exercises, responses, or learning material. Your improvements will make our training program great!

Create a new branch and pull request and assign it to your lesson mentor. The available lesson mentors are included in the YAML front matter of the lesson. They will set up a time to review your suggested changes and to talk through your exercises for the lesson.

After the review, add yourself to the "completed" property in the lesson's YAML front matter and merge in your changes!