Brookhaven Cyber Security Requirements



Backup Data

ALWAYS BACKUP YOUR DATA. Keep the backups in a protected area. The more critical the data the more often you should backup.

REQUIREMENTS:

  • Users ("data owners") are responsible for determining what data requires protection and how their data is to be recovered if the online copy is destroyed (either by accidental or malicious damage).  
  • Users may choose not to back up data, but if so they must make sure they know how to recreate the lost data if needed.
  • If backup is necessary then the users must coordinate a backup plan. This may either be an individual backup done by the users themselves or coordinated with the system managers into a regular system backup plan.

Top of Page

Sensitivity

Information can be either Sensitive, Mission Essential, or Non-Sensitive within the unclassified designation.

REQUIREMENTS:

  • Owners and managers are responsible for determining the sensitivity of their applications and/or facilities.
  • For information and guidance in the handling of sensitive and mission essential applications, contact the BNL Chief Cyber Security Officer (CCSO).

Top of Page

Physical

Personal computers and sensitive information are popular targets for theft. Properly protecting them is essential.

REQUIREMENTS:

  • Lock office when you are away or out of the office for any period of time.
  • If your computer contains sensitive and/or mission essential information, it must be kept in a locked area. For additional guidance on handling sensitive and/or mission essential equipment/information and for an appropriate risk assessment, contact the BNL Chief Cyber Security Officer (CCSO).
  • Facilities that process sensitive or mission essential information must have locked doors, limited access, and sign-in sheets.
  • BNL computers used off-site are to be protected from unauthorized use and theft.

Top of Page

Computer Security Incidents

Computer Security incident can range from a simple virus to the disclosure of sensitive information. Incidents can be minor, important, or significant. 

REQUIREMENTS:

  • All employees and users are required to immediately report any suspicious incidents involving the security of the Laboratory computers or networks, including apparent attempts at unauthorized access.
  • Incidents should be reported to the Cyber Security Incident Response Team (CSIRT) at x8484, or to the System Manager if immediately available.  
  • Refer to Procedures for Reporting Computer Security Incidents for details.

Top of Page

Software Copyright Laws

Software is intellectual property and as such is protected by U.S. Copyright laws.

REQUIREMENTS:

  • Purchasers of software have the responsibility for obeying the copyright laws.
  • Making additional copies of software or installing software on more computers than are covered by the license agreement is illegal.
  • By Signing the BNL Computer Use Agreement, the user is acknowledging that he/she has read, understands, and agrees to comply with the copyright and licensing laws governing the use of Brookhaven National Laboratory computing resources.

Top of Page

 Virus Protection

Protecting your computer and disks from viruses is important to prevent damage to the system and/or files.

REQUIREMENTS:

  • PC & MAC users can obtain a virus checker from the Anti-Virus procedures web page.
  • Do not put a diskette of unknown origin into your PC unless you have checked it with a virus checker.
  • Don't assume a disk is safe. Always check it for viruses prior to use.

Top of Page

 Passwords

Most computer security incidents can be traced to bad/improper password choice or management.

 REQUIREMENTS:

  • Computer Users are responsible for following the BNL password procedures developed in accordance with DOE guidelines.

Top of Page

 Accounts

If you have an account on a multi-user computer or network, you are responsible for ensuring that your account is used responsibly and only for BNL approved work.

REQUIREMENTS:

  • All accounts should be password protected.
  • Accounts that will not be used for 12 months or more shall be deactivated.
  • System managers shall remove or deactivate accounts with passwords that do not meet with BNL policy.
  • Accounts shall only be used for official BNL business.

If you have a question that is not addressed in these pages, please send an email to itdhelp@bnl.gov.

Top of Page

Last Modified: September 1, 2011
Please forward all questions about this site to: Web Services