
MIS SYSTEMS & DATA SECURITY

Security Awareness and Training

Staff Initial Security Awareness and Annual Refresher Training: The purpose of this
presentation is:

To keep staff well informed of the expectations and requirements for systems access privileges and
accountability
Focuses on entire WorkNet staff, supervision, its contracted providers and partners that use a
component or the entire system
Designed to change behavior or reinforce good security practices
To provide security awareness, training, education and professional development
To ensure an effective and on-going security awareness program
Significant number of topics may be mentioned

Federal and State Statute, Policy requirements, sanctions, safeguards and penalties
WorkNet Server and Email Rights
Various Assigned Workforce MIS System Privileges
Confidentiality and inherent Penalty of Misuse
User Responsibilities
Password usage and management
USER-ID usage
Rules of Behavior
Email and Web usage
Data Security
Mobile devices and media
Technical Assistance
Guidelines to request support

Security Awareness and Training (Continued)

Goal of Security Training

Teach skills to perform a specific function

Awareness

Focus attention on an issue or set of issues
Must be provided on an on-going basis to all users
Document initial and annual training
Include confidentiality provisions, penalties, rules of behavior that are expected
Password creation, use, protection and management
Logging off computing systems when not in use
Locking computers when users are away from workstations

Authority and Purpose

WorkNet Pinellas supervision and its internal Regional Security Officers are
responsible for administering MIS privileges, setting security rights and providing
security training of the UC program, and are responsible for ensuring policies,
procedures and controls are adequate to protect the security and integrity of
UC information.

Subject to the following state and federal statutes and/or policy guidance:

OMB Circular A-130, Public Law 100-235,
Florida Statute; 20 CFR 603 and sections 443.171(5) and 443.1715,
Florida Statute; 45 CFR 205.50 and section 414.295,
Florida Computer Crimes Act and
Federal Statute referenced as HIPAA or the Health Insurance Portability and
Accountability Act of 1996.

The purpose and intention is to provide WorkNet users with information and
instructions to maintain the security and integrity of the multitude of data accessed
and used through various MIS systems.

Customer and Employer information is confidential and is available only to
public employees in the performance of their public duties.

Confidentiality and Penalty for Abuse

Regardless of access, there are restrictions and
penalties on the access, use, disclosure, and
unauthorized access, use or disclosure of information.
Applicant, Participant, and Employer Information is
confidential per 443.171(5) and 443.1715, F.S. Medical
and welfare information is confidential under section
414.295 F.S. and HIPAA
System access privilege provides access to confidential
information and must be protected
Is only available to public employees in the performance
of their public duties
Any violation is a misdemeanor of the second degree
and is punishable as provided in 775.082 or 775.083,
F.S.

WorkNet Data Systems:

Internal systems

WorkNet Network
Public or G Drive
Microsoft Outlook
Electronic Filing System (E-Filing-Legacy and ATLAS)
Online Orientation Admin Site containing customer info
(Legacy and ATLAS)

External via internal system

Internet
OWA
State agencies intranets

Workforce MIS Systems


Assigned access and privileges to a Workforce Management Information System
(MIS):

Employ Florida Marketplace - EFM
One Stop System Tracking - OSST
One Stop Management Information System - OSMIS (limited access - as needed only)
Florida Online Recipient Integrated Data Access - FLORIDA
Unemployment Insurance Applications - Connect
Employer and Wage Credit Information - Suntax

Supervisor and Security Officer Roles and Responsibilities

Restrict system access privileges to authorized users.

Use the system in an appropriate manner

Ensure employees do not violate system privacy provisions

Comply with confidentiality provisions

Ensure initial and on-going security awareness and training program

Ensure employees do not attempt to cause system malfunctions

Terminate access privileges when access is no longer required

Staff or End User Responsibilities:

Accept responsibility for the security and integrity of data and systems for which access
is granted
Maintain User Identifiers (userIDs) required to access server, email, and MIS systems
Maintain password integrity:

Use a combination of alpha and numerics as defined by MIS,
Comply with password reset or change requirements,
Do NOT use your name or personal identifiers,
Do NOT share with anyone or request another's, or
Do NOT write it down

Participate in security awareness and training sessions


Protect data and system information from theft, loss, damage and unauthorized
disclosure and misuse and immediately report any such occurrences
Assist in maintaining the security and integrity of the data systems
Restrict the use of applicant, participant and employer information for official purposes
only
Do not abuse or maintain in an insecure manner any data or MIS information from the
workplace or store information on remote storage media devices

Rules of Behavior

Extend to all personnel accessing and using MIS systems, data, or equipment
Do not remove confidential data or equipment from its official location
Do not store unsecured confidential data on personal equipment
Do not use access privileges for personal gain
Do not disclose sensitive or confidential information
Never share passwords or userIDs
Delete access and review access as needed
Restrict access to confidential applicant, participant and employer information
Do not knowingly transmit, retrieve or store any electronic communication that is:

Discriminatory or harassing,
Derogatory to any individual or group,
Obscene or sexually explicit,
Defamatory or threatening,
In violation of any license governing software usage, or
Illegal or contrary to WorkNet policy or business interests.

Abide by all federal and state statute, applicable security policies and procedures

WorkNet Server & System Access

Network includes email and WorkNet
server access is password protected
Access & password provided through WorkNet
Information Technology Department (IT)
Server or G Drive access is available after
receiving network user id and password
E-mail account is set up by IT and is available with
network access account
External or OWA access is available with internal
email access

WorkNet E-mail Guidelines


These guidelines refer to all staff and all electronic communication conveyed using the
WorkNet Pinellas (aka CareerSource Pinellas) email account:

Is Not Private
Is the property of WNP (WorkNet Pinellas)
Messages sent outside WorkNet or email server are not secure
Do not share e-mail accounts or passwords
Offensive, demeaning or disruptive messages are prohibited

Internal/External Email Security


Never send social security numbers via e-mail
Never open an attachment from someone you do not know
Never forward chain mail

Note: Mandatory Completion annually of the Computer Use Policy Agreement and AWI Mandatory Agreement located on the G or public drive under Security folder

Data Security
Data is obtained in the following ways:

Applications
Customer Service
Interviews
Orientations
Workshops
External documentation
Various MIS systems

Best practices for data security:

Do not discuss customer information with others


Do not discuss customer information on phone or with co-workers in an environment
or manner in which customer confidentiality is not maintained

Do not request personal protected data in open areas from customer

Do not leave customer documents in unsecure locations

Do not download protected data on jump drives, CDs, etc

Data Security cont.


Medical documentation

Must secure all documentation in secured environment; WorkNet e-filing or separate locked
storage file

Must not release medical information to third party

Must not discuss medical information in shared office areas

Information sharing only with written authorization

Documentation related to Domestic Violence (DV) and HIV/AIDS

Must comply with all requirements above for Medical documentation

May not be stored in WorkNet's e-Filing system

May only be stored in a separate locked and secure file

May not be annotated in any MIS system such as an OSST or EFM case note or Florida CLRC

System Security Best Practice


LOCK YOUR COMPUTER WHEN LEAVING UNATTENDED

To lock keyboard: Hold the Ctrl, Alt and Del keys at the same time; when the
message box pops up, click Lock Computer

Security when approved use of Mobile Devices and Media

Mobile devices are portable devices capable of storing or processing data such as laptops and PDAs

Mobile media are portable devices capable of storing data such as thumb drives,
DVDs and CDs

The use of mobile media and devices increases risks, threats, and vulnerabilities of
data being disclosed, altered, lost or stolen and lacks the Agency's firewall protection

The use of mobile devices and media is limited and must be approved by
management

Potential Penalties:

Users who do not comply with the confidentiality provisions in user agreements and
prescribed rules of behavior are subject to administrative penalties available through
existing policies, procedures, rules, regulations and federal and state statutes

Loss of system privileges

Reprimands

Temporary suspension from duty

Removal from current position

Termination of employment

Criminal prosecution

Fine up to $500 or a term of imprisonment not to exceed 60 days

Technical Assistance

Security Standard Operating Procedures (SOP) maintained on the G drive
under Security folder and Staff security agreements maintained by IT and
RSOs on an annual basis
All questions should be directed to the appropriate contact below:

IT and Regional Security Officers (RSO):

For IT Support to include WorkNet server,
connectivity, or email assistance:

Brandon Pham and Steve Blakey, IT Support and Technical Assistance

For Workforce MIS System Support:


Don Shepherd, Primary RSO
Michelle Tripp, Core and Business Services RSO
Lysandra Montijo or Marsha Safarik, Intensive Services RSO

Staff IT and MIS Support:


System Access, Connectivity Support & Password Resets
IT Support or Assistance:
Check with your supervisor for assistance as your first step
IT assistance or requests are initiated by completion of an IT
support ticket accessed via your desktop
IT assistance may also be requested by supervisors through
direct email request and ensure a copy to appropriate manager
Password Resets:
E-mail request directly to security officer
Copy your supervisor on the e-mail
Specify which system needs to be reset
State if request is to reset access and/or password
Send your username or user id
Never include your password

System/Data Security
Please send any questions,
comments, or suggestions to:
Lysandra Montijo
lmontijo@careersourcepinellas.com

THE END
