This is a follow up to Christoph Leemann's email of August 28, 2006 regarding "Cyber Security Actions Required for Staff and Users." As you recall, this memo asked all JLab staff and users to access a brief training and verification exercise regarding topics such as Personally Identifiable Information (PII), privacy rights and social engineering at https://www1.jlab.org/mis/apps/pii_confirmation/. If you have not accessed the website and completed this exercise you must do so by COB Tuesday, October 17, 2006 or your access to JLab computing resources will be interrupted starting the following day.
We would also like to clarify the topic of possession of your own PII on Lab laptops or other portable media. Possession of your own PII (SSN, etc.) on these systems is not considered Lab PII and therefore does not need to be reported. However, for your own protection, we encourage you to be mindful of your vulnerability and strongly recommend that you do not store your personal PII on these types of systems. In addition, be very careful for the physical security of your laptop as it is both valuable and one of the quickest ways to access information about you.
In addition to assuring that everyone completes the training/verification on the web, we want to make you aware of other potential sources of Lab PII that you need to dispose of. Those of you who handle travel for yourselves, others, or visitors may have emails containing other people.s Social Security Numbers or other PII. Please check your old emails to assure that you delete any messages with PII to avoid compromising such information. You should also check your office for any old CDs or other disks to assure that PII is not being held on any older portable media. Contact Kris Burrows, firstname.lastname@example.org, 7548, or , Mike Lewellen, email@example.com, 7169, for disposal of old floppies, CDs, etc. that may contain PII.
Our Cyber Security team is vested in assuring that our computing resources have the protection that is necessary to deflect new and more sophisticated types of cyber attacks while providing the services needed for our staff and users to accomplish our scientific mission. We ask for your cooperation in assuring that each staff member and user is doing what they can to strengthen cyber security at Jefferson Lab. We will continue to bring you updates as requirements change and new threats emerge.
Submitted: Wednesday, October 11, 2006 - 2:00pm