DBA CareerSource Pinellas

MANAGEMENT INFORMATION
SYSTEMS (MIS)
&
DATA SECURITY

Security Awareness and Training

Initial/New Hire & Annual Refresher
O

The purpose of this presentation is:

O
O
O
O
O
O

To inform staff of the expectations and requirements for systems access

privileges and accountability
Focuses on entire WorkNet staff, supervision, its contracted providers and
partners that use a component or the entire system
Designated to change behavior or reinforce good security practices
To provide security awareness, training, education and professional
development
To ensure an effective and on-going security awareness program
Significant number of topics may be mentioned
O
O
O
O
O
O
O
O
O
O
O
O
O

Federal and State Statute, Policy requirements, sanctions, safeguards and

penalties
WorkNet Server and Email Rights
Various Assigned Workforce MIS System Privileges
Confidentiality and inherent Penalty of Misuse
User Responsibilities
Password usage and management
USER-ID usage
Rules of Behavior
Email and Web usage
Data Security
Mobile devices and media
Technical Assistance
Guidelines to request support

Security Awareness and Training (Continued)

O Goal of Security Training
O
O
O
O
O
O
O
O

Teach skills to perform a specific function awareness

Focus attention on an issue or set of issues
Must be provided on an on-going basis to all users
Document initial and annual training
Include confidentiality provisions, penalties, rules of
behavior that are expected
Password creation, use, protection and management
Logging off computing systems when not in use
Locking computers when users are away from workstations

Authority and Purpose

O WorkNet Pinellas supervisors and its internal Regional Security Officers are

responsible for administering MIS privileges, setting security rights,

providing security training of the UC program and is responsible for
ensuring policies, procedures and controls are adequate to protect the
security and integrity of all public data to include, but not limited to, UC
information.

O Subject to the following state and federal statutes and/or policy guidance:
O OMB Circular A-130, Public Law 100-235,
O Florida Statute; 20 CFR 603 and sections 443.171(5) and 443.1715,
O Florida Statute; 45 CFR 205.50 and section 414.295,
O Florida Computer Crimes Act and
O Federal Statute referenced as HIPAA or the Health Insurance Portability and
Accountability Act of 1996.
O Purpose and intention is to provide WorkNet users information and

instructions to maintain security and integrity of multitude of data

accessed and used through various MIS systems.

O Customer and Employer information is confidential and is available only to

public employees in the performance of their public duties.

Confidentiality and Penalty for Abuse

O Regardless of access, there are restrictions and penalties on
O

O
O
O

the access, use, disclosure, and unauthorized access, use or

disclosure of information.
Applicant, Participant, and Employer Information is
confidential per 443.171(5) and 443.1715, F.S. Medical and
welfare information is confidential under section 414.295 F.S.
and HIPAA
System access privilege provides access to confidential
information and must be protected
Is only available to public employees in the performance of
their public duties
Any violation is a misdemeanor of the second degree and are
punishable as provided in 775.082 or 775.083, F.S.

WorkNet Data Systems:

Internal systems
WorkNet Network
Public or G Drive
Microsoft Outlook
Electronic Filing System (E-Filing-Legacy and ATLAS)
Online Orientation Admin Site containing customer
info (Legacy and ATLAS)

External via internal system

Internet
OWA
State agencies intranets

Workforce MIS Systems

Assigned access and privileges to a
Workforce Management Information
System (MIS):
Employ Florida Marketplace - EFM
One Stop System Tracking - OSST
One Stop Management Information System OSMIS

(limited access- as needed only)

Florida Online Recipient Integrated Data Access
FLORIDA
Unemployment Insurance Applications Connect
Employer and Wage Credit Information Suntax

Supervisor and Security Officer Roles and

Responsibilities
O Restrict system access privileges to authorized users.
O Use the system in an appropriate manner
O Ensure employees do not violate system privacy provisions
O Comply with confidentiality provisions
O Ensure initial and on-going security awareness and training program
O Ensure employees do not attempt to cause system malfunctions
O Terminate access privileges when access is no longer required

Staff or End User Responsibilities:

O Accept responsibility for the security and integrity of data and systems for

which access is granted

O Maintain User Identifiers (userIDs) required to access server, email, and MIS
systems
O Maintain password integrity:
O
O
O
O
O

Use a combination of alpha and numerics as defined by MIS,

Comply with password reset or change requirements,
Do NOT use your name or personal identifiers,
Do NOT share with anyone or request anothers, or
Do NOT write it down

O Participate in security awareness and training sessions

O Protect data and system information from theft, loss, damage and

unauthorized disclosure and misuse and immediately report any such

occurrences
O Assist in maintaining the security and integrity of the data systems
O Restrict the use of applicant, participant and employer information for official
purposes only
O Do not abuse or maintain in an insecure manner and data or MIS information
from the workplace or store information on remote storage media devices

Rules of Behavior
O Extend to all personnel accessing and using MIS systems, data, or equipment
O Do not remove confidential data or equipment from its official location
O Do not store unsecured confidential data on personal equipment
O Do not use access privileges for personal gain
O Do not disclose sensitive or confidential information
O Never share passwords or userIDs
O Delete access and review access as needed
O Restrict access to confidential applicant, participant and employer information
O Do not knowingly transmit, retrieve or store any electronic communication that

is:
O
O
O
O
O
O

Discriminatory or harassing,
Derogatory to any individual or group,
Obscene or sexually explicit,
Defamatory or threatening,
In violation of any license governing software usage, or
Illegal or contrary to WorkNet policy or business interests.

O Abide by all federal and state statute, applicable security policies and

procedures

WorkNet Server & System

Access

Network includes email and WorkNet server access is password

protected

Access & password provided through WorkNet Information

Technology Department IT
Server or G Drive access is available after receiving
network user id and password
E-mail account is set up by IT and is available with
network access account
External or OWA access is available with internal email
access

WorkNet E-mail Guidelines

These guidelines refer to all staff and all electronic communication
conveyed using the WorkNet Pinellas (aka CareerSource Pinellas) email
account:
@
@
@
@
@

Is Not Private
Is the property of WNP (WorkNet Pinellas)
Messages sent outside WorkNet or email server are not secure
Do not share e-mail accounts or passwords
Offensive, demeaning or disruptive messages are prohibited

Internal/External Email Security

@ Never send social security numbers via e-mail
@ Never open an attachment from someone you do not know
@ Never forward chain mail

Note: Mandatory Completion annually of the Computer Use Policy Agreement and
DEO Mandatory Agreement located in ATLAS under MIS Security file.

Data Security
Data is obtained in the following ways:

Applications
Customer Service
Interviews
Orientations
Workshops
External documentation
Various MIS systems

Data Security Best

Practices
O Do not discuss customer information with others
O Do not discuss customer information on phone or with co-

workers in an environment or manner in which customer

confidentiality is not maintained
O Do not request personal protected data in open areas from
customer, i.e. office lobby, hallway, etc.
O Do not leave customer documents in unsecure locations, i.e.
desks, copiers, file cabinets, clip boards.
Documentation that is currently being worked on should be placed in a desk
drawer, file cabinet drawer.
O Copiers, Fax machines, and clip boards should be monitored at the end of
each day for any documentation containing customer information
O

O Do not download protected data on jump drives, CDs, etc.

O Do not keep hard copy documentation of forms already

uploaded to queues or customer files.

Data Security-Medical
Documents
Must secure all documentation in secured environment;
WorkNet e-filing or separate locked storage file

Must not release medical information to third party

Must not discuss medical information in shared office
areas
Information sharing only with written authorization

Data Security-DV &

HIV/AIDS

Must comply with all requirements above for Medical

documentation

May not be stored in WorkNets e-Filing system

May only be stored in a separate locked and secure file

May not be annotated in any MIS system such as an OSST or

EFM case note or Florida CLRC

System Security Best

Practice
LOCK YOUR COMPUTER
WHEN LEAVING
UNATTENDED

To lock keyboard: Hold Ctrl, Alt and Del keys at same

time when message box pops up click lock
computer

Mobile Devices and Media

O Portable devices capable of storing or processing data such as

laptops and PDAs

O Mobile media are portable devices capable of storing data

such as thumb drives, DVDs and CDs

O The use of mobile media and devices increases risks, threats,

and vulnerabilities of data being disclosed, altered, lost or

stolen and lacks the Agencys firewall protection
O The use of mobile devices and media are limited and must be

approved by management

Potential Penalties:
O Users who do not comply with the confidential provisions in user

agreements and prescribed rules of behavior are subject to

administrative penalties available through existing policies, procedures,
rules, regulations and federal and state statutes
O Loss of system privileges
O Reprimands
O Temporary suspension from duty
O Removal from current position
O Termination of employment
O Criminal prosecution
O Fine up to $500 or a term of imprisonment not to exceed 60 days

Technical Assistance
O Security Standard Operating Procedures (SOP) maintained on

the G drive under Security folder and Staff security

agreements maintained by IT and RSOs on an annual basis
O All questions should be directed to the appropriate contact
below:

IT and Regional Security Officers (RSO):

For IT Support to include WorkNet server,

connectivity, or email assistance:
O Brandon Pham, IT Support and Technical Assistance

For Workforce MIS System Support:

Don Shepherd, Primary RSO
Lysandra Montijo or Marsha Safarik, Intensive Services
RSO

Staff IT and MIS Support:

System Access, Connectivity Support &

Password Resets

IT Support or Assistance:
Check with your supervisor for assistance as your first
step
IT assistance or requests are initiated by completion of
an IT support ticket accessed via your desktop
IT assistance may also be requested by supervisors
through direct email request and ensure a copy to
appropriate manager
Password Resets:
E-mail request directly to security officer
Copy your supervisor on the e-mail
Specify which system needs to be reset
State if request is to reset access and/or password
Send your username or user id
Never include your password

System/Data Security
Please send any
questions, comments, or
suggestions to:
Lysandra Montijo
lmontijo@careersourcepinella
s.com

THE END