Employee Privacy, Digital Evidence, and the CFE. Kenneth C. Citarella, M.B.A., J.D., CFE Managing Director, Investigations Guidepost Solutions LLC
1 Employee Privacy, Digital Evidence, and the CFE Kenneth C. Citarella, M.B.A., J.D., CFE Managing Director, Investigations Guidepost Solutions LLC
2 The Good Old Days
3 CFE's Aerial View 1. What Information Needed? Documentary, Personal 2. Where Is It? Container, Person 3. How To Get It? Data review, Interview 4. Access, Review and Report
4 Scope 1. Quick Overview of Digital Forensics 2. Employee Privacy in Digital Communications 3. How Digital Forensics Impacts Employee Privacy 4. Current State of the Law of Employee Privacy in Digital Communications 5. How the Employers Compound the Problem 6. What the CFE Can Do
5 Digital Data Questions 1. Where it is stored 2. How much is stored 3. How to get it 4. How to be sure it is reliable and admissible
6 Where It Is Stored 1. Desktop 2. Laptop 3. Notepad 4. Smartphone 5. USB Drive 6. Servers: Local, Corporate, Cloud
7 CFE's Data Trinity 1. Integrity 2. Chain of Custody 3. Know How to Explain
8 Cloud 1. Which Cloud? 2. Where? 3. Access Controls? 4. Audit Trails? You will need Cloud personnel to establish the authenticity of your data
9 CFE Tip #1 Know the policies and procedures of your Cloud(s) before it is too late for data to be useful to you.
10 Easy Way or Request the data from a reliable source. Or Use Digital Forensics.
11 CSI Version of Digital Forensics E-V-I-D-E-N-C-E
12 Digital Forensics Applies to your media within your physical control. Cloud forensics by cloud provider.
13 Digital Forensics 7 Step Discipline of Investigation 1. Identification 2. Collection 3. Preservation 4. Recovery 5. Verification 6. Analysis of data 7. Report the findings
14 Forensic Workstation
15 Identification 1. Not just the obvious containers 2. Also: digital cameras, handheld PDAs, wireless e-mail devices, fax machines, cell phones, USBs, etc. 3. Any device that can store digital information
16 Collection Must follow standard rules for collection of evidence Chain of custody Same old rules
17 Preservation Extreme temperature changes, moisture, magnetic fields, physical damage Write protect original HDD Avoid the well-intentioned, but untrained
18 Recovery Software Automated process Able to analyze numerous operating systems Training, support, accepted in community Accepted by courts
19 Verification Verification done by mathematical formula A change of one bit would be detected
20 Analysis 1. Human function 2. Browse through: Folder, File, Cluster, Deleted files, Slack Space
23 Analysis Deleted Files: 1. Still there 2. OS cannot see 3. Forensic software can 4. HDD space available for re-use 5. Length of time recoverable depends on size of HDD, use of the computer
24 Analysis Slack space: 1. Data written in blocks of preset length 2. Last block of file might have empty space (like this line of text) 3. Contents of deleted file not overwritten by empty space at end of block 4. Old contents remain
25 Report Findings 1. Just the facts 2. No opinion 3. Probative materials, the bookmarked files are admitted, not the whole report 4. Report gets turned over as part of discovery
26 Forensics Issues 1. Poor forensics will fail to find evidence 2. Impossible to find evidence that is not there 3. Argument is over what it means, not if it is there 4. Search for malware 5. Date and time stamps
27 Forensics Issues 1. Protecting original media 2. Documentation of process 3. Clock verification 4. Software used: how widely, how well accepted
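The deleted-file and slack-space behaviour on slides 23 and 24, as an added example that is not part of the original presentation: a simplified Python model of a cluster-based volume. ToyVolume, its 16-byte cluster size and the sample file contents are constructed for illustration, and the model ignores sector-level padding that real file systems may apply.

```python
CLUSTER = 16  # bytes per cluster; tiny for readability (real clusters are often 4 KiB)

# Constructed sample contents, not taken from any real case.
MEMO = b"Invoice 4471 was backdated, keep quiet.."   # 40 bytes -> 3 clusters
NOTE = b"Lunch order: 2 soups"                       # 20 bytes -> 2 clusters


class ToyVolume:
    """Hypothetical model: a directory, a free list and raw clusters."""

    def __init__(self, clusters=8):
        self.disk = bytearray(CLUSTER * clusters)
        self.free = list(range(clusters))
        self.owner = [None] * clusters   # last file that wrote each cluster
        self.entries = {}                # name -> {"chain", "size", "deleted"}

    def write_file(self, name, data):
        if name in self.entries:
            raise FileExistsError(name)  # model keeps names unique
        needed = -(-len(data) // CLUSTER)  # ceiling division
        if needed > len(self.free):
            raise OSError("volume full")
        chain = [self.free.pop(0) for _ in range(needed)]
        for i, c in enumerate(chain):
            chunk = data[i * CLUSTER:(i + 1) * CLUSTER]
            # Only len(chunk) bytes are written. The rest of the cluster keeps
            # whatever was stored there before: that remainder is the slack.
            self.disk[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.owner[c] = name
        self.entries[name] = {"chain": chain, "size": len(data), "deleted": False}

    def delete_file(self, name):
        entry = self.entries[name]
        entry["deleted"] = True          # directory entry flagged, data untouched
        self.free = sorted(self.free + entry["chain"])  # space available for re-use

    # --- what the operating system shows ---
    def list_files(self):
        return [n for n, e in self.entries.items() if not e["deleted"]]

    def read_file(self, name):
        entry = self.entries.get(name)
        if entry is None or entry["deleted"]:
            raise FileNotFoundError(name)
        return self._raw(entry["chain"])[:entry["size"]]

    # --- what a forensic tool reading raw clusters shows ---
    def _raw(self, chain):
        return b"".join(bytes(self.disk[c * CLUSTER:(c + 1) * CLUSTER]) for c in chain)

    def recover_deleted(self, name):
        entry = self.entries[name]
        if not entry["deleted"]:
            raise ValueError(f"{name} is not deleted")
        reused = [c for c in entry["chain"] if self.owner[c] != name]
        return {"data": self._raw(entry["chain"])[:entry["size"]],
                "reused_clusters": reused}

    def file_slack(self, name):
        entry = self.entries[name]
        used_in_last = entry["size"] % CLUSTER
        if not entry["chain"] or used_in_last == 0:
            return b""                   # file ends exactly on a cluster boundary
        last = entry["chain"][-1]
        return bytes(self.disk[last * CLUSTER + used_in_last:(last + 1) * CLUSTER])


def run_scenario():
    """Write a memo, delete it, then let a shorter file reuse its clusters."""
    vol = ToyVolume()
    vol.write_file("memo.txt", MEMO)
    vol.delete_file("memo.txt")
    before = vol.recover_deleted("memo.txt")   # nothing reused yet
    vol.write_file("note.txt", NOTE)           # takes clusters 0 and 1
    after = vol.recover_deleted("memo.txt")
    return {
        "os_listing": vol.list_files(),
        "recovered_before_reuse": before,
        "recovered_after_reuse": after,
        "slack_of_note": vol.file_slack("note.txt"),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The operating system lists only note.txt, yet the slack of that live file and the still-unallocated third cluster both hold fragments of the deleted memo, which is why recoverability depends on how heavily the disk is used after deletion.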
28 CFE Tip #2 Discuss your objectives and concerns with forensic examiners before they begin work.
29 Employee Privacy Issue: Forensic examination of employee's work-issued digital device General Rule: No privacy issue in contents of device or records of Internet use
30 Employee Privacy BUT What about personal communications via an employer's device?
31 Employee Privacy Caution: No definitive answer
32 Employee Privacy Scenario: Forensic examination of employee's work-issued digital device Personal communication acquired Personal communication relevant to inquiry
33 Employee Privacy Is it a privacy violation to read employee's personal e-mails? Any consequences to the investigation?
34 Employee Privacy Courts seem to focus on the scope of the privacy policy. Detailed examination of corporate policy regarding Internet and e-mail.
35 Digital Forensics Reminder If employee deletes his personal communications, they might still be there in deleted files slack space
36 U.S. v. Simons Internet policy said employer will audit, inspect and/or monitor Internet use as deemed appropriate NO expectation of privacy
37 Smyth v. Pillsbury 1. Employee e-mails with supervisor in employer's system 2. Policy says all e-mails privileged and confidential and would not be grounds for termination 3. Court found NO expectation of privacy
38 McLaren v. Microsoft 1. Employee e-mails sent over employer's system 2. Stored on employee's computer under password in folder marked Personal 3. Court found NO expectation of privacy because e-mail first transmitted over employer's system 4. Not like an employee's locker
39 Employee Privacy Two recent decisions: 1. Stengart v. Loving Care Agency (NJ Supreme Court) 2. City of Ontario v. Quon (U.S. Supreme Court)
40 Stengart v. Loving Care Agency Issue: Stengart was using personal password-controlled e-mail account from employer-issued computer Communicating with her personal attorney Planning to sue the LCA for workplace harassment
41 Stengart v. Loving Care Agency Stengart resigns and LCA performs a forensic examination of her computer LCA finds e-mails with her attorney Attorney ethical issues rise from failure to disclose
42 Stengart v. Loving Care Agency Court's Approach: 1. Examine LCA electronic communications policies.
43 Stengart v. Loving Care Agency 2. The company reserves and will exercise the right to review, audit, intercept, access, and disclose all matters on the company's media systems and services at any time, with or without notice.
44 Stengart v. Loving Care Agency 3. E-mail and voice mail messages, internet use and communication and computer files are considered part of the company's business and client records. Such communications are not to be considered private or personal to any individual employee.
45 Stengart v. Loving Care Agency 4. The principal purpose of electronic mail (e-mail) is for company business communications. Occasional personal use is permitted
46 Stengart v. Loving Care Agency 5. It is not clear from that language whether the use of personal, password-protected, web-based e-mail accounts via company equipment is covered.
47 Stengart v. Loving Care Agency 6. Terms are undefined. 7. E-mail system seems to refer to corporate e-mail. 8. Policy does not address personal accounts.
48 Stengart v. Loving Care Agency 9. [E]mployees do not have express notice that messages sent or received on a personal, web-based e-mail account are subject to monitoring if company equipment is used to access the account.
49 Stengart v. Loving Care Agency 10. The Policy also does not warn employees that the contents of such e-mails are stored on a hard drive and can be forensically retrieved and read by Loving Care.
50 Stengart v. Loving Care Agency Used a personal, password-protected e-mail account instead of her company e-mail address Did not save the account's password on her computer Had a subjective expectation of privacy
51 Stengart v. Loving Care Agency Court's conclusions: 1. [T]he Policy creates ambiguity about whether personal e-mail use is company or private property. 2. The scope of the written Policy, therefore, is not entirely clear. 3. Stengart had a reasonable expectation of privacy in the e-mails she exchanged with her attorney on Loving Care's laptop.
52 Stengart v. Loving Care Agency Consequences: Effort to investigate expected workplace harassment lawsuit created additional cause of action for violation of privacy. Note: Stengart's e-mails were in cache memory, not saved in their entirety.
53 Holmes v. Petrovich Example where court found no privacy interest. The corporate policy said: 1. Company technology to be used only for company purposes. 2. E-mail is not private; like a postcard. 3. Company may inspect all files and messages at any time for any purpose. 4. Company will monitor for compliance.
54 Employee Privacy Risk of Poor Privacy Waiver: 1. Poor corporate policy might create civil liability if personal e-mail is accessed 2. Might create a restriction on forensic examination
55 City of Ontario v. Quon U.S. Supreme Court Significant facts: 1. Police department 2. SWAT team 3. Text pagers for official communications 4. Private carrier 5. Monthly character limit 6. Excess to be paid by using officer
56 City of Ontario v. Quon Computer Usage, Internet, and E-mail Policy: City reserves the right to monitor and log all network activity including e-mail and Internet use, with or without notice. Users should have no expectation of privacy or confidentiality when using these resources.
57 City of Ontario v. Quon Department said text messages will be treated as e-mails Quon reminded that usage will be audited because he exceeded limits Continued to exceed
58 City of Ontario v. Quon Sexually explicit Between Quon and wife Fellow police officer
59 City of Ontario v. Quon Sexually explicit Between Quon and girlfriend Department dispatcher
60 City of Ontario v. Quon Court assumptions: 1. Reasonable expectation of privacy in pager communications 2. But not reasonable to assume immune from auditing 3. Reasonable police department employee should expect auditing
61 City of Ontario v. Quon No privacy right in text messages within police agency system
62 City of Ontario v. Quon BUT the Court would have difficulty predicting how employees' privacy expectations will be shaped by those changes or the degree to which society will be prepared to recognize those expectations as reasonable.
63 Employee Privacy Employee e-mails might be stored in the Cloud. If so, Cloud forensics might violate employee rights.
64 CFE Tip #3 Examine corporate policy so reasonable expectation of privacy issue is clearly addressed.
65 Social Networking Facebook LinkedIn
66 Social Networking Increasingly used as marketing avenues for sales But can be sources of dangerous malware
67 Social Networking For security, IT may insist social network marketing efforts not go through corporate system Using webmail gives approval for use of non-corporate e-mail for business purposes
68 Social Networking May conflict with corporate e-mail and Internet use policies and create ambiguity
69 Social Networking No expectation of privacy in any matter posted in social networking site
70 Social Networking Impact of authorized social network marketing on ability to use results of digital forensics on employer-provided digital equipment is uncertain
71 CFE Tip #4 Examine corporate policy so reasonable expectation of privacy issue is clearly addressed AND be sure it covers social network marketing.
72 You Want What? Be involved in: 1. Computer security, including Cloud migration 2. E-mail privacy policy 3. Social network marketing policy
73 Conclusion, sort of City of Ontario v. Quon: the Court would have difficulty predicting how employees' privacy expectations will be shaped by [communication] changes or the degree to which society will be prepared to recognize those expectations as reasonable.
74 Thanks! Kenneth C. Citarella Managing Director, Investigations Guidepost Solutions LLC
Employee Departure Checklist Departing employee's name: Departure date: Supervisor's name: Employee to be terminated: Yes No DO NOT NOTIFY EMPLOYEE OF THIS LIST IF YES Person responsible for completing
More informationInformation leaflet about processing of personal data (
Information leaflet about processing of personal data (www.magyarfoldgazkereskedo.hu) In accordance with articles 13 and 14 of the regulation (EU) 2016/679 OF the European Parliament and of the Council
More informationRMU-IT-SEC-01 Acceptable Use Policy
1.0 Purpose 2.0 Scope 2.1 Your Rights and Responsibilities 3.0 Policy 3.1 Acceptable Use 3.2 Fair Share of Resources 3.3 Adherence with Federal, State, and Local Laws 3.4 Other Inappropriate Activities
More informationData Privacy Breach Policy and Procedure
Data Privacy Breach Policy and Procedure Document Information Last revision date: April 16, 2018 Adopted date: Next review: January 1 Annually Overview A privacy breach is an action that results in an
More informationPOLICY 8200 NETWORK SECURITY
POLICY 8200 NETWORK SECURITY Policy Category: Information Technology Area of Administrative Responsibility: Information Technology Services Board of Trustees Approval Date: April 17, 2018 Effective Date:
More informationMobility Policy Bundle
Version 2018-02 Mobility Policy Bundle Table of Contents This document contains the following policies: BYOD Access and Use Policy (revised 02/2018) Mobile Device Access and Use Policy (revised 02/2018)
More informationMinistry of Government Services Office of the Corporate Chief Information Officer Corporate Security Branch
Ministry of Government Services Office of the Corporate Chief Information Officer Corporate Security Branch Acceptable Use of Information and Information Technology (I&IT) Resources Policy March 2011 March
More informationCARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION. I. Purpose
CARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION I. Purpose To provide guidance to schools and administrative offices regarding the maintenance, retention,
More informationSynchrotron Light Source Australia Pty Ltd
Document no: 22670 Revision no: 2.0 Date: 11 August 2014 Synchrotron Light Source Australia Pty Ltd ABN 18 159 468 256 ACN 159 468 256 www.synchrotron.org.au 800 Blackburn Road, CLAYTON, VIC, 3168 p +613
More informationCity of Seattle. IT Policy. Internal Controls Over Voice Communications. Gregory J. Nickels, Mayor Bill Schrier, Chief Technology Officer
Summary and Background Background: While it is City policy that telephones should be used for work purposes, the City recognizes that staff members may need to use the telephones to accommodate the demands
More informationDigital Forensics UiO
Digital Forensics UiO About Me I am: Eivind Utnes, M.Sc. I work for: Watchcom Security Group AS I work as: Head of Security Senior Information Security Consultant Security Audits Digital Forensics / Incident
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationDigital Forensics UiO
About Me I am: Eivind Utnes, M.Sc. I work for: Watchcom Security Group AS Digital Forensics UiO I work as: Head of Security Senior Information Security Consultant Security Audits Digital Forensics / Incident
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner Course Title: Certified Digital Forensics Examiner Duration: 5 days Class Format Options: Instructor-led classroom Live Online Training Prerequisites: A minimum of
More informationUnderstanding Computer Forensics
Understanding Computer Forensics also known as: How to do a computer forensic investigation... and not get burned Nick Klein SANS Canberra Community Night 11 February 2013 The scenario... Your boss tells
More informationINTERNET ACCESS SERVICE AGREEMENT PLEASE READ CAREFULLY
INTERNET ACCESS SERVICE AGREEMENT PLEASE READ CAREFULLY Plains Communication Services ( PCS ), LLC and Plainstel.com provides its subscribers with access to the Internet only on the terms and conditions
More informationECLIPSE FOUNDATION, INC. INDIVIDUAL COMMITTER AGREEMENT
ECLIPSE FOUNDATION, INC. INDIVIDUAL COMMITTER AGREEMENT THIS INDIVIDUAL COMMITTER AGREEMENT (THE AGREEMENT ) is entered into as of the day of, 20 (the Effective Date ) by and between Eclipse Foundation,
More informationCOMPUTER FORENSICS THIS IS NOT CSI COLORADO SPRINGS. Frank Gearhart, ISSA Colorado Springs
COMPUTER FORENSICS THIS IS NOT CSI COLORADO SPRINGS Frank Gearhart, ISSA Colorado Springs TECHNOLOGY + INVESTIGATION + STORYTELLING Know the case Find the evidence Follow the facts Create the timeline
More information4.2 Electronic Mail Policy
Policy Statement E-mail is an accepted, efficient communications tool for supporting departmental business. As provided in the Government Records Act, e-mail messages are included in the definition of
More informationIncident Response Data Acquisition Guidelines for Investigation Purposes 1
Incident Response Data Acquisition Guidelines for Investigation Purposes 1 1 Target Audience This document is aimed at general IT staff that may be in the position of being required to take action in response
More informationJacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope
Jacksonville State University Acceptable Use Policy 1. Overview Information Technology s (IT) intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Jacksonville
More informationPrivacy Breach Policy
1. PURPOSE 1.1 The purpose of this policy is to guide NB-IRDT employees and approved users on how to proceed in the event of a privacy breach, and to demonstrate to stakeholders that a systematic procedure
More information