Line Manager Responsibilities for Cyber Security
November 2001
Cyber security is a part of the Lab's integrated security
management program where line managers are responsible for the overall security
of their operation, including computer and data security.
Responsibilities relating to cyber security include ensuring
the integrity, availability, and appropriate access and use of data and systems
within the group. This means that
operational procedures and access controls that are appropriate to the group's
work should be in place, that individuals are made aware of their
responsibilities, and that they are provided with the resources to carry out
those responsibilities.
Individual computer users' responsibilities are detailed in
"Jefferson Lab Computer User Responsibilities", which is provided as a
handout to new users and is available on the Computer Center Web pages at: http://cc.jlab.org/services/security
The Computer Center, in addition to fulfilling its own
line-management responsibilities in its program-specific tasks, provides advice
and support to line management and individuals in the use of central services,
data backup, virus protection, and overall site security for computers and networks. The Computer Center provides technical
support for groups' cyber security planning and establishes base-line
procedures in the Jefferson Lab Cyber Security Program Plan.
A group's line manager should determine if the established
Computer Center procedures (ref. http://cc.jlab.org/services/security/)
are sufficient for the group's operations.
In those cases where the base-line procedures or central services are
not appropriate for the specific needs of the group, line managers are
responsible for establishing appropriate procedures. Line managers are responsible for ensuring that
their group follows the established procedures, whether the procedures are work-group
specific or the Lab's base-line procedures.
An example of the need for
enhanced procedures is the case where it may not be appropriate for sensitive
data to be transferred to a central machine for backup. This situation may require that a local
procedure for backup and archival be in place to ensure the integrity,
availability, and appropriate access and use of the data.
Computer and data security procedures that differ
from or enhance the Lab's base-line procedures must be documented in the work
group's security plan. These security plans shall include the procedures in use
to maintain cyber security and may reference the use of central facilities
(such as backup and virus protection) in addition to detailing local
plans. Examples of specialized procedures
that go beyond the routine services provided by the Computer Center include:
- protection of business-sensitive information such as contracts and bidding information
- protection of personnel or medical information
- protection of credit card information collected for conference registration
- local procedures that detail access for accelerator control systems
A template for a group-level cyber security plan is
available at http://cc.jlab.org/docs/security/procedures/group-security-plan-template.html.
For help and advice regarding security plans, contact Bob
Lukens (x6376) or security@jlab.org
This document is maintained by helpdesk@jlab.org
Copyright Jefferson Lab 2007