• No results found

Data Stored on a Windows Computer Connected to a Network

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Data Stored on a Windows Computer Connected to a Network"

Copied!
7
0
0

Loading.... (view fulltext now)

Download now ( 7 Page )

Full text

(1)

Attachment A

Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from

The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Computer Connected to a Network

All requests for data must include the following information.

I. General Information

1. List below the name(s) and responsibilities of the investigator(s) and the research staff (students, research assistants, and programmers) who will have access to the data. Changes in personnel require that this information be updated.

1b. PI Institution

PI contact information: Email

Phone number

System Administrator contact information: Email Phone number

2. Each participant must sign a separate security pledge to be included with the contract. As new personnel are added during the period of this contract an amended Attachment C and new security pledges must be obtained and sent to the Carolina Population Center. A security pledge form can be found under Attachment D. Please copy for each participant.

Number of security pledges included:

3. Only one complete copy of the Add Health data is permitted; however, time-delimited temporary data analysis files may be created. Temporary data analysis file(s) must be deleted every six months and recreated, as necessary, to complete analysis. Temporary data analysis files should be deleted upon completion of a project.

All temporary data analysis files will be deleted and every year.

4. Add Health data, including temporary data analysis files or subsets of the data, may not be copied to other media such as CDs or diskettes to be used on other machines and platforms. All Add Health data must remain in the same secure location as the one copy of the original Add Health data.

month

(2)

____________ I agree to this condition.

5. The time frame for analysis of the data should not exceed three years from the date that data files originally were sent to the investigator. Research projects requiring the data for more than three years should submit annual requests for continuation three months prior to the end date of the current

project. Data, paper and electronic, shall be destroyed on that date unless prior arrangements have been made with Add Health.

____________ I agree to this condition.

II. Detailed description of computer system where data will be stored and analyzed

1. What type of hardware/operating system will be used?

2. What is the physical location of the hardware?

3. How are backups handled, and how will Add Health data will be excluded from the backup routine?

4. Who has physical access to the equipment?

5. Who has permission to use the equipment?

6. Is the equipment used by other projects?

7. Where will hard copy info be printed?

Investigator Initial Investigator Initial

(3)

8. How will hard copy data will be handled/stored/discarded?

9. What is the secure storage location (building, room number, and type of storage unit) of the original data CD?

III. Security system to prevent unauthorized access to the data

The following are minimum steps that should be taken to secure your Windows 7/8 computer that houses the Add Health data if your computer is connected to a network. Please indicate below each security step you have implemented. Please write a short explanation if you cannot implement a specific step

Physical Security of a Windows 7/8 Computer on a Network

1. I configured the BIOS to boot the computer from the hard drive only. I will not allow the computer to be booted from the diskette or CD-ROM drive.

Implemented Not Implemented (please explain why not)

2. I password protected the BIOS so changes cannot be made to the BIOS without authorization. Implemented Not Implemented (please explain why not)

3. I secured the computer on which the Add Health data resides in a locked room, or secured the computer to a table with a lock and cable (locking the case so the battery cannot be removed).

Implemented Not Implemented (please explain why not)

Controlling Access to the Data

I restricted access to the Add Health data to project personnel using the security features available via the operating system (e.g., login via userid/password and NTFS permissions).

1.

(4)

Date:

2. I require strong passwords.

Implemented Not Implemented (please explain why not)

3. I activated a screen saver with password after three minutes of inactivity. Implemented Not Implemented (please explain why not)

4. I installed encryption software for directories containing secure data (e.g., Windows 7/8 encryption)

Implemented Not Implemented (please explain why not)

Name of encryption software:

5. I configured my statistical applications to point the temporary working files to the secured data directory.

Implemented Not Implemented (please explain why not)

Location of secured directory

6. I installed and periodically run a secure erasure program. This program will be run monthly and after the secure data has been removed from the computer at the end of the contract period. Implemented Not Implemented (please explain why not)

Name of secure erasure software:

7. I will not copy or move the Add Health data out of the secured directory for any reason. ____________ I agree to this condition.

(5)

Protecting the Data from Unauthorized Access Across the Wire

1. I did not install IIS or MS SQL server on the Windows computer that houses sensitive data. Implemented Not Implemented (please explain why not)

2. I turned off all unneeded services and disabled unneeded network protocols. Implemented Not Implemented (please explain why not)

3. I disabled Windows File and Printer Sharing.

Implemented Not Implemented (please explain why not)

4. I did not enable file sharing on local Windows machines.

Implemented Not Implemented (please explain why not)

5. I removed the Everyone group from the Access this Computer from the Network user right. Implemented Not Implemented (please explain why not)

6. I disabled the Guest account.

Implemented Not Implemented (please explain why not)

7. I replaced the Everyone group with the appropriate group(s) on critical system folders, files, and registry keys.

(6)

Date:

8. I removed, disabled, or renamed administrative shares.

Implemented Not Implemented (please explain why not)

9. I restricted/prevented anonymous access and enumeration of accounts and shares. Implemented Not Implemented (please explain why not)

10. I created a new userid for administrative purposes and removed the original administrator userid's administrative privileges.

Implemented Not Implemented (please explain why not)

11. I installed, and will maintain, all OS and application (e.g., Internet Explorer) security patches. Implemented Not Implemented (please explain why not)

12. I installed an antivirus software program and will keep the virus definition files updated. Implemented Not Implemented (please explain why not)

Name of antivirus software: 13. I secured performance data.

Implemented Not Implemented (please explain why not)

(7)

15. I disabled or removed Windows Scripting Host.

Implemented Not Implemented (please explain why not)

16. I use a corporate, hardware, or personal (software) firewall.

Implemented Not Implemented (please explain why not)

Name of firewall:

__________________________

References

Download now ( PDF - 7 Page - 313.07 KB )

Related documents

Multi-Protocol On-board Ethernet Print Server and Wireless (IEEE b/g) Ethernet Print Server

If you are using Windows ® 2000, Mac OS ® X 10.2.4 or greater or your computer is connected to the wireless network using a network cable, it is recommended you temporarily

RCS New Teacher Induction. Office of Technology James Marshall and Robin Couts

• If your Windows computer says that there are “No logon servers” when trying to login, check that your computer is connected to the network with an Ethernet cable. • If your

Data Stored on a Windows Server Connected to a Network

Add Health data, including temporary data analysis files or subsets of the data, may not be copied to other media such as CDs or diskettes to be used on other machines and

How To Fix A Backup Error In A Windows Xp Server On A Windows (Windows) On A Pc Or Mac Xp (Windows 7) On An Uniden Computer (Windows 8) On Your Computer Or Your Computer (For

To fix this error follow the instructions for Setting user permissions to access Microsoft SQL Server folders and Setting SQL Server to run as a Local Service.. NOTE: Often

November, P a g e

And yet, as a community of faith, we know we’ve been through challenging days before and can continue to walk together with faith, hope and love as those who have heard the words

QMH Drug Formulary

QUEEN MARY HOSPITAL

Fireware XTM Traffic Management

On a computer that is connected to the trusted interface, make a FTP connection to your Windows 2003 Server on the external network and download the 350MB file you created

Face-work on Social Media in China: The Presentation of Self on RenRen and Facebook

Although this study focuses empirically on mainland Chinese students in Hong Kong, the research findings on the importance of the perceived audience on social media, as well as how