SIM POLICIES - PowerPoint PPT Presentation

Slides: 30
Provided by: PPilki

Transcript and Presenter's Notes

1
Policies
IT Architecture
Administration
S Y N E R G Y
2
Policies will
  • Extend Usefulness, Efficiency, and Life of
    On-Line Systems
  • Minimize Need for Duplicate Entry and Storage
  • Facilitate Information Exchange
  • Ensure Proper Security Safeguards
  • Allow Orderly Replacement or Upgrading of Components
  • Optimize Financial Investments

3
Data Standards Documentation Modification Storage
Maintenance
Policy Issues
4
Data Policies ensure
  • Accuracy
  • Verifiability
  • Timeliness
  • Organization
  • Meaningfulness
  • Usefulness, and
  • Cost-Effectiveness
  • VALUE

5
Typical Goals of Data Policies
  • To Provide Flexible Customer Service,
  • To Increase Communications,
  • To Streamline Operations,
  • To Provide Program Effectiveness Indicators, and
  • To Define Who Is Responsible for Data Recovery
    Efforts

6
Privacy Access Rights to Ownership
7
Data Privacy Policies
  • To Date, No Omnibus Federal Laws Have Been Passed
    Addressing The Acquisition, Collection, or
    Dissemination of Information by the Private Sector

8
Privacy Policy Guidelines
  • Personal Data Should Be Obtained By Lawful and
    Fair Means and with the Knowledge or Consent of
    the Data Subject
  • Personal Data Collection Should Be Relevant to
    the Purposes for which that Data Is to Be Used
    and be Accurate, Complete, and Current
  • Personal Data Should Not Be Disclosed Without the
    Consent of the Data Subject or by the Authority of Law
  • Personal Data Should Be Protected From
    Unauthorized Access, Destruction, Modification,
    or Disclosure
  • Individuals Should Have A Right to See Data
    Collected on Them

9
Security Authentication Authorization
10
Data Security Policies
  • Protect Against Three Types of Security Threats
  • (1) Modification
  • (2) Destruction, or
  • (3) Exposure

11
5 Common Steps to Create and Control Security Policies
  • Identify What You Are Trying To Protect
  • Determine What and Who You Are Trying to Protect
    It From
  • Determine the Likelihood of the Threat
  • Implement Measures that Will Protect Your Assets
    in A Cost-Effective Manner
  • Review the Process Continuously and Make
    Improvements Each Time A Weakness Is Found

12
Building Blocks of A Security System
  • Authentication
  • Authorization
  • Integrity
  • Confidentiality
  • Audit Trail

13
How Do We Identify and Authenticate An Individual?
  • Something You Know (Password, PIN)
  • Something You Have (Badge, Smart Card)
  • Something You Are (Fingerprint, Retinal Scan)

14
Authorization
  • Verifies the Actions a Participant Is Able to Perform
    and the Data They Are Able to Access
  • Most Authorization Schemes Are Based on the Use
    of Roles

15
Digital Signature
  • Digital ID encrypted code
  • Identification and authentication
  • Exchange of digital certificate
  • Assures digital transaction
  • Public Key Technology interoperability is
    critical to success
  • Legally binding

16
Integrity
  • Ensuring the Correctness of Content and/or
    Source of a Piece of Information
  • Quality Measures to Eliminate the Possibility That
    Data Will Be Modified or Altered

17
Confidentiality
  • Protection from Unauthorized Eavesdropping
  • Solution: Cryptography

18
Audit Trail Chronologically Records all
  • User
  • System
  • Application and
  • Network Activities
  • to achieve Non-Repudiation Capacity

19
Non-Repudiation Requires that
  • All Parties Must Be Identified and Authenticated
  • All Parties Must Be Authorized to Perform the
    Functions Required
  • The Integrity of the Transaction Must Be Intact
    Throughout the Process
  • Certain Transaction Information Needs to Be
    Confidential for Authorized Users Only, and
  • All Transactions Must Be Fully Audited

20
Security Measures Protect the Organization from
  • Intrusions
  • Viruses
  • Modification
  • but they do require tremendous
    resources..

21
Security Policy Usually Based On.
  • Elements of Risk Involved
  • Costs and Benefits Associated with Various
    Alternative Security Measures

22
Ethics Code of Ethics
23
Ethics Based Policies
  • Four Domains
  • Privacy
  • Accuracy
  • Property
  • Accessibility

24
Privacy relates to
  • The collection, storage and dissemination of
    information about individuals..
  • only that data required to accomplish a
    legitimate business purpose..
  • with consent of the individual

25
Accuracy refers to..
  • Information's authenticity as it is collected and
    processed
  • made available on request to the data subject.
  • disagreements re accuracy noted on the record

26
Property relates to..
  • Ownership and the Issue of Intellectual
    Property.
  • who owns the data and how the data are to be
    used.
  • to date, many issues re ownership of electronic
    data remain unresolved

27
Accessibility relates to..
  • Right to access information.
  • based on legitimate need to know

28
Ethics Criteria
  • Clarity
  • Unambiguous
  • All Guidelines Point to Same Outcome
  • Does Not Conflict with Personal Moral Compass

29
Statutory Requirements Work Processes Contracting
and Purchasing