General
Monitoring
Data Backups
Access Management
Asset Management
100

What is DOR IT Documents Page? (Or SharePoint Link)

Where are the policies located?

100

Collected, stored, and managed per the Technology Resource owner or delegated support function’s process.

What is Activity Logs?

100

NAME THAT POLICY: KP implements reasonable safeguards to protect its non-public information from loss, unauthorized access, and use and/or modification.

What is Data Protection?

100

Name a tool used for external connections to KP Network that is configured and authorized by IT for remote access.

What is VPN or RAS?

100

Name that Policy: (KP) implements safeguards to protect KP non-public information that is created, received, transmitted, and stored by KP email systems and other electronic communication and messaging forums.

What is Secure Electronic Communication?

200

The department that conducts risk rating estimation to determine impact of nonconformance and proposed mitigation as appropriate.

What is TRO?

200

The department that reviews and analyzes, in accordance with cyber security processes and procedures, activity logs generated, collected, and provided by on-boarded Technology Resources.

What is TRO?

200

Process where KP updates and maintains confidential restricted information through monitoring, scanning and data encryption.

What is Data Loss Prevention?

200

A key internal control that involves separating incompatible duties and/or responsibilities. Either manual or automated control to help prevent or decrease the risk of errors, irregularities, or fraud by ensuring no single individual has control over all phases of a transaction or business process.

What is (SOD) Segregation of Duties?

200

Who owns the electronic information created by or on behalf of KP for the purpose of KP businesses?

Who is KP?

300

NAME THAT POLICY: To establish requirements for developing, reviewing, revising, and retaining policies, procedures, and other documentation related to KP privacy, combined privacy and security and information security practices.

What is Privacy and Information Security Policies, Procedures, and Documentation?

300

NAME THAT POLICY: To establish requirements for recording, reviewing, and acting upon activities defined as significant and relevant to security and compliance with legal, regulatory, and contractual obligations, and reporting on patterns of possible misuse.

What is System Activity Logging, Monitoring, and Review?

300

Three cities where DOR stores data backup.

What is Oakland, Napa, and Silver Springs?

300

Name that Policy: Kaiser Permanente (KP) implements reasonable safeguards to protect its networks from known and anticipated internal and external threats.

What is Network Security?

300

Name that Policy: The appropriate use of KP information, networks, medical and computing systems/devices and electronic media. Inappropriate use exposes KP to risks including misuse, damage, and destruction of information.

What is Acceptable Use of KP Information Systems and Assets?

400

NAME THAT POLICY: The need and business purpose for an allowance for nonconformance with an Information Technology (IT) and/or Information Security policy is processed, approved by management, and monitored.

What is Exceptions to IT and Information Security Policy?

400

Name that Policy: Comprehensive and effective information security controls are implemented throughout the computing environment to safeguard information systems and data, and to meet compliance obligations.

What is Information Technology Compliance?

400

Name one of the 4 requirements for safe Transient Public Data.

What is move data to a permanent location, encrypt data, store securely, and media with transit needs to be wiped clean after use?

400

Define that access: Privilege granted to certain workforce members that allows them to perform required job duties not permitted through "regular" or "typical" means, i.e., altering or deleting 500 or more records of insensitive data.

What is Elevated access?

400

Define the acronym BIO.

Business Information Officer, who has the end-to-end accountability for the support of applications and is accountable for the accuracy, completeness, timeliness, and integrity of the repository's information.