The State IT Update
Protecting Personal Data
Safeguarding sensitive and confidential data, most importantly the personal information of citizens (such as Social Security numbers), is a responsibility of every state employee. Understanding the sensitivity of your data allows you to protect it appropriately, so IOT put together the following tips to help keep the state's personal information secure:
- Classify data you handle - Decide if it is public, personal, sensitive or confidential.
- Password protect your access - Use a strong password or pass phrase. (See Password Management.)
- Identify where the data is stored - It should be in specific places within your network or on your computer, with specific protection methods to keep it more secure.
- Refrain from transporting or transmitting sensitive data - If you must transport it, ensure it has an appropriate level of security.
- Limit physical access whenever possible - Avoid storing sensitive/confidential data on devices that are not physically secured. Allow only authorized individuals access to those devices, and monitor access to those devices whenever possible.
- Restrict network or shared access - Do not allow anyone access to sensitive/personal data unless they specifically require access. Restricting access to only those who really need it limits the risk of both accidental and malicious exposure.
- Temporary data storage - If you must store sensitive/confidential data temporarily on a memory stick, laptop, or other device, remove that data from the device when you have finished. Ensure that data has been completely erased and not just deleted. (See Effectively Erasing Files.)
- Encrypt sensitive/confidential data - Encrypting stored sensitive/confidential data helps prevent unintended disclosure even if your system has been compromised. Data can be protected by encrypting the entire storage drive (whole disk encryption) or as selectively as you need, such as by folder or even individual files. Be sure to only use the method or tool your organization has approved.
- Use separate local or network accounts - By using separate accounts, individuals can be assigned very specific access rights and privileges. Using separate accounts with differing access levels limits the potential for accidental or malicious data exposure. In addition, it is far easier to attribute actions to a specific person using their unique account than to a single person in a group of people using a shared account.
- Limit the type of access an account or process requires - Limit the kind of access to sensitive/confidential data based on how that data needs to be handled. For example, auditors often only require 'read' access to data files and cannot 'write' or alter a file's contents. Conversely, a system program may only need to execute or run a program without needing to access the confidential data it is handling. At home and work, use your computer as a standard user instead of an administrator to limit what files or data you may have access to on a daily basis. By limiting the kind of access an account has, you can limit what data or systems configuration controls can be accessed as well.
Desktop Hardware Refresh Standards
The hardware refresh of desktops will be included as part of the Fiscal Year 2008 SEAT charge. This is to better standardize the statewide IT environment in order to improve costs and response times and to stabilize platforms. The following outlines the general guidelines and rules by which hardware refresh will be implemented:
- Desktop refresh will be performed on a rotating 4-year cycle based on scheduling and agency needs. The schedule will be determined by IOT based on agency needs.
- Agencies will maintain ownership of their IT desktop and laptop assets until they are reached on the IOT replacement schedule. At said time, IOT will assume ownership of the IT desktop and laptop assets.
- The refresh will include a standard desktop PC without monitor. The monitor will be replaced by IOT only upon failure; this is based on the cost of monitor replacement and disposal as determined by IOT in conjunction with IDOA. Agencies may purchase approved service upgrades (i.e. monitor, memory, laptop) for the standard desktop or in lieu of. Service upgrades will be billed back to the agency, but will become an IOT asset.
- IOT will provide a desktop for new employees if they are not replacing an existing employee (agency growth) and no PC exists. These PCs will be an IOT asset even if the agency has not yet been refreshed. For new employees requesting standard desktop PCs, a lead time of five (5) days is required and assumes that networking, desk location, and all other required pieces are in place. The time to install upgraded desktops, PCs or laptops will also be affected by the need to special order the upgraded PC or laptop.
- Employee termination, downsizing or unused equipment that is an IOT asset will be recovered if it falls off the SEAT bill. A report will be generated every month and IOT will contact the agency prior to the equipment being recovered. If the agency leaves the PC on and connected to the network and continues to pay SEAT for the asset, this should not be an issue (e.g., a replacement staff member being hired).
- PCs which fail and are not cost-effective to repair will be replaced by IOT, and become an IOT asset.
- For any PCs damaged or sabotaged by a state employee or vendor, it will be the responsibility of the agency to pay for replacement. Any state employee found to have intentionally damaged state PC equipment may be subject to disciplinary action, up to and including termination.
- New IDOA regulations require an environmentally safe disposal of computer equipment. IDOA, IOT and PEN have worked in conjunction to provide a cost-effective solution to state government. IOT will cover the cost of PC disposal if it is due to failure or hardware refresh. IOT will also cover the cost of monitors replaced due to failure, but the agency will be responsible for this fee if they choose to purchase a monitor outside of failure. The monitor disposal fee is currently $20.00. Agencies will also be responsible for printer disposal, the cost of which will vary and a quote would be provided by PEN Products based on size and other factors.
These terms and conditions are subject to the discretionary decision of IOT management. Any issue occurring that is not specifically covered under the above rules or interpretation of these rules is at the sole discretion of IOT management.
Microsoft® Home Use Program Provides Deep Discounts
Indiana employees who would like to use Microsoft® Office products at home can now do so at a relatively low cost. The introduction of the Microsoft® Home Use Program allows state workers to purchase Microsoft® Office Professional Edition 2007 for $19.95.
To take advantage of this offer, please follow these steps:
- Click on the Microsoft® HUP link.
- From the drop-down menus, select United States as your country choice and English as your language preference.
- Enter your work e-mail address and 0AD22EAAEC for the program code.
- You will receive a welcome message from Microsoft® in your work e-mail box. The message contains a verification e-mail.
- Click the verification e-mail to access the HUP page on the Microsoft® Web site.
For questions about the Home User Program, please contact IOT.