Backup Data
ALWAYS BACKUP YOUR DATA. Keep the backups in a protected area. The more
critical the data the more often you should backup.
Requirements
- Users ("data owners") are responsible for determining what data
requires protection and how their data is to be recovered if the online
copy is destroyed (either by accidental or malicious damage).
- Users may choose not to back up data, but if so they must make sure
they know how to recreate the lost data if needed.
- If backup is necessary then the users must coordinate a backup plan.
This may either be an individual backup done by the users themselves or
coordinated with the system managers into a regular system backup plan.
Sensitivity
Information can be either Sensitive, Mission Essential, or Non-Sensitive
within the unclassified designation.
Requirements
- Owners and managers are responsible for determining the sensitivity
of their applications and/or facilities.
- For information and guidance in the handling of sensitive and
mission essential applications, contact the BNL Chief Cyber Security
Officer (CCSO).
Physical
Personal computers and sensitive information are popular targets for
theft. Properly protecting them is essential.
Requirements
- Lock office when you are away or out of the office for any period of
time.
- If your computer contains sensitive and/or mission essential
information, it must be kept in a locked area. For additional guidance
on handling sensitive and/or mission essential equipment/information and
for an appropriate risk assessment, contact the BNL Chief Cyber Security
Officer (CCSO).
- Facilities that process sensitive or mission essential information
must have locked doors, limited access, and sign-in sheets.
- BNL computers used off-site are to be protected from unauthorized
use and theft.
Computer Security Incidents
Computer Security incident can range from a simple virus to the
disclosure of sensitive information. Incidents can be minor, important, or
significant.
Requirements
- All employees and users are required to immediately report any
suspicious incidents involving the security of the Laboratory computers
or networks, including apparent attempts at unauthorized access.
- Incidents should be reported to the Cyber Security Incident Response
Team (CSIRT) at x8484, or to the System Manager if immediately
available.
Software Copyright Laws
Software is intellectual property and as such is protected by U.S.
Copyright laws.
Requirements
- Purchasers of software have the responsibility for obeying the
copyright laws.
- Making additional copies of software or installing software on more
computers than are covered by the license agreement is illegal.
- By signing the BNL
Computer Use Agreement, the user is
acknowledging that he/she has read, understands, and agrees to comply
with the copyright and licensing laws governing the use of Brookhaven
National Laboratory computing resources.
Virus Protection
Protecting your computer and disks from viruses is important to prevent
damage to the system and/or files.
Requirements
- PC & MAC users can obtain a virus checker from the Anti-Virus
procedures web page.
- Do not put a diskette of unknown origin into your PC unless you have
checked it with a virus checker.
- Don't assume a disk is safe. Always check it for viruses prior to
use.
Passwords
Most computer security incidents can be traced to bad/improper password
choice or management.
Requirements
- Computer Users are responsible for following the BNL password
procedures developed in accordance with DOE guidelines.
Accounts
If you have an account on a multi-user computer or network, you are
responsible for ensuring that your account is used responsibly and only for
BNL approved work.
Requirements
- All accounts should be password protected.
- Accounts that will not be used for 6 months or more shall be deactivated.
- System managers shall remove or deactivate accounts with passwords
that do not meet with BNL policy.
- Accounts shall only be used for official BNL business.