IM Aware Session March 12, Panel Members

IM Aware Session – Email – March 12, 2015

Panel Members

Linda Borys

- RIM Program Support Manager, Service Alberta.

- With Information Management Branch for over 20 years.

- Has been the Alberta Records Management Committee (ARMC) Secretary for about 10 years.

- Provides guidance on the enterprise records management program.

- Supports the enterprise applications used to manage Records Retention and Disposition Schedules, and the movement of inactive records from storage to disposition.

Ken Lummis

- Manager of IT Security Policy. Responsible for Information Technology Security Policy for the Government of Alberta.

- Security side of phishing. GoA IT Security have produced tip sheets on phishing and social engineering. Phishing goes beyond the theft of information; criminals are now using phishing emails to encrypt files, which has caused downtime for the GoA in accessing its information.

Lori Lindquist

- Strategic IMT Initiative Program Manager and Information Security Officer, Corporate Human Resources.

- Lori Lindquist has 16 years of IT experience with the Government of Alberta primarily with Public Affairs Bureau and Executive Council.

- She is knowledgeable regarding the policy and guidelines for acceptable and unacceptable activities regarding email (Use of Government of Alberta Internet and E-mail Policy) and social media.

- As a Ministry Information Security Officer, she is responsible for managing security related risks and issues regarding GoA email usage.

Topic 1: From your perspective, what is the biggest obstacle for email? What piece of advice would you give to overcome that obstacle?

Lori:

Users are our biggest challenge.

- Their ability to circumvent all rules creates a difficult environment to manage emails from a CHR perspective. The separation between business and personal email use can become complex; learning what can and can’t be done with GoA email (i.e. whether they can be used for personal use, or whether they are FOIPable) is important. It’s also important to note that they are GoA assets, and as such we have a commitment to the GoA to be professional; if the email accounts are not used in a professional manner, the Department has the ability (and the right) to monitor the accounts and follow up with disciplinary actions.

- Becoming familiar with rules and regulations, such as social media rules and restrictions and any policies, is very important. Learning the rules is essential (i.e. be aware of copyright infringement, social media rules, and restrictions, or policies).

- The Internet and Email Usage Policy outlines acceptable and unacceptable activities.

- The Social Media Policy

Ken:

Security measures are our biggest challenge.

- There are all sorts of malware, phishing scams, and ransomware. Filtering email becomes very important.

- Users are our first line of defence. All of our systems are reactive. Testing of staff awareness is important.

Linda:

Managing information is our biggest challenge.

- The volume of emails in our system is part of a bigger, more problematic picture, which is the lack of email retention policy. Most of our emails are transient, and can be deleted; only emails that document a business decision must be kept.

Topic 2: Speak to the evolving email environment and the evolving tools to mitigate risks.

Lori:

From a user perspective, managing identity will be essential to mitigate risks. We can use tools to define access and level of permissions.

- Policy tools.

- Knowing responsibilities.

- Using responsibly.

Ken:

We must use the functionality we have, such as the preview pane.

- Tip sheets and educational tools are available.

- Presentations are available – this can provide clarity on who to contact regarding email security.

- Learning about integrity and accountability.

Linda:

We must use training to mitigate risk around emails.

- Auto classification is coming and will help separate business emails from personal.

- Integration of recordkeeping practices with different platforms will highlight the records component.

Additional Questions:

1. What are the rules regarding Facebook and personal emails (personal usage on Government emails?)

Ken:

Facebook can be a source of malware. There is a risk of encryption and we should try to avoid using these webpages on government computers. Use your personal smart phone instead.

2. In the event of a phishing incident, what is the process that takes place?

Lori:

Send the phishing email as an email attachment to the GoA Service Desk, MISO, or notify your designated support team. Blocking the phishing site is first priority and letting everyone know is important.

Ken:

The security alerts process is a 30 minute window. They get notification, look at it (what’s it doing, who it affects, what impact it will have), notify everyone, and then they fix it.

3. Is there a way to set a mandatory desktop training on email awareness (i.e. desktop cleaning day?)

Linda:

Not yet.

4. When is autoclassification integration coming?

Linda:

We have tools, but whether they are good enough hasn’t been determined yet. In Microsoft Office, there is autoclassification functionality, but there are issues with retention.

5. Where can I find basic rules for email – is there a website?

Linda:

The information management website contains a managing Information Management at Work eCourse. There are no enterprise standards for emails just yet; this will entail collaboration between many groups.

6. Are emails records and do they have retention schedules?

Linda:

The “what is information” question falls into the same category as email; it needs policy to deal with it. The decision on what to keep/who keeps it – we must ask the same question of all media.

Closing Remarks:

Lori:

Think before you click! Take a step back and consider what you’re doing.

Linda:

Think after you click! Consider what you should keep and what you should get rid of.

Organize your emails. Take the Managing Information at Work eCourse.
