FFY2010

1
FFY2010
EAP Annual Training
Section 2.0 Risk Management
Includes Risk Assessment, Risk Mitigation (Dup
Check), Data Practices, Debtor Exemption Claim
Notice and Security

• August 12 13, 2009
• St. Cloud Minnesota
• Holiday Inn

2
2. Risk Management
Risk Management

• Involves Identifying priority activities within
  the organization for risk assessment by
  considering area that materially impact the
  financial position and results of operations
  (e.g., assets, liabilities, revenues, expenses or
  expenditures account balances that are material
  in dollar amount)

3
Risk Management Introduction
Risk Management

• Major part of ICF
• Local, regional and natural disaster and
  technical failure planning are only a part of
  risk management
• Focus is on managing the risk of improper use of
  public funds
• This year the concept was introduced into the
  Local Plans
• Looking for a single, not a homerun this year
• Build on this each year

4
What is Risk Management?
Risk Management

• Lessening adverse impact if a risk event occurs
  is the heart of good risk management
• Assuring events do not result in disaster
• It is geared towards potential events that may
  occur when things are different from planned,
  sometimes called omissions and errors
• Above Beyond Program Design
• Core EAP design addresses risk with controls
  policies, technical support (eHEAT), segregation
  of duties monitoring services and financial
  activities. EAP has controls to reduce the
  possibility of the actions of an individual
  creating incident, error or fraud.
• Service Providers create detailed plans for their
  activities to assure, among other things,
  segregation of duty back up plans if loss of
  staff.

5
Risk Management
Risk Management

• Risk management involves
• Determining
• Assessing
• Planning
• Monitoring
• Mitigating

6
Risk Management
EAP Role In Risk Management

• General Expectations
• Acknowledge your responsibility to design,
  implement maintain the control structure
• Contribute direction to identify, prioritize and
  review risks and controls
• Remove obstacles for compliance remedy control
  deficiencies
• Conduct self-assessment testing to monitor the
  controls within your processes
• Routinely (Quarterly)
• confirm key controls are implemented and
  effective
• maintain documentation to support this assessment
  
• Immediate Action Items
• Educate your personnel about this effort
• Reinforce internal focus on controls within your
  area
• Surface any risks, concerns or issues promptly to
  allow adequate attention for correction
• Fix control gaps as soon as possible

7
Risk Management
Risk Considerations

• Evaluate the nature types of errors omissions
  that could occur, i.e., what can go wrong
• Consider significant risks (errors and omissions)
  common in the industry or have been experienced
  in prior years (ex. Mich, Penn)
• Information Technology risks (i.e. - access,
  backups, security, data integrity,
  non-segregation of duties)
• Areas where segregation of duties would reduce
  risk
• Volume, size, complexity and homogeneity of the
  individual transactions processed through a given
  account or group of accounts (revenue,
  receivables)
• Susceptibility to error or omission as well as
  manipulation or loss
• Robustness versus subjectiveness of the processes
  for determining significant estimates
• Extent of change in the business and its expected
  effect
• Other risks extending beyond potential material
  errors or omissions in the financial statements

8
Risk Management
Risk Considerations

• Consider a railroad crossing and developing
  appropriate controls

• A rural road with little traffic slow train, a
  sign

• A busier road train is faster, add lights
  crossing sign at tracks

9
Risk Management
Risk Management Mechanics

• The risk assessment tool reduces risk when used
  to identify, assess, plan for maintain routine
  monitoring of risk areas

10
Risk Management
Risk Management Mechanics
Uncertainty Item Result of Occurrence Probability of Occurrence Severity of Impact Response Indicators
What Geared towards events that may occur when things are different from planned sometimes called omissions and errors. Drive around gates Narrative of the outcomes if the event occurs Calculate damage School bus is very sad bad publicity Designate likelihood of event and, if helpful, a description of why the probability was selected People in this county go around Designate a level of impact if the event occurred. If applicable, a description of why the probability was selected. Slow train, low impact injury Describes what to do when you find out On rural road the injuries might be measured by EMT response time. Maybe different Preparedness for different users. (Bus tanker rules) Describes how the event becomes known
How Brainstorm with staff Reduce list Assess using this matrix. This is iterative, so change or eliminate as you learn Review periodically Describe what happens. Be as complete as possible. This helps to determine severity, response and indicator Can use rating of High, Medium and Low with narrative prose. Can use rating of High, Medium and Low with narrative prose. Key response off Result, Probability Impact. Depending on combinations, responses include 1. Prevent 2. Check Routinely 3. Response Plan ID ways event is discovered develop ways to monitor for if weaknesses are discovered. Enact these measures
11
Item Example
Uncertainty Item
Matrix Cell Direct Payments to household. Direct payments remove a check point from normal EAP controls by removing vendor registration and vendor cross checks. Could include an application processor fabricating households. If combined with falsifying households for application, multiple direct payments could be generated
Consider-ations Programmatic Controls places limits, but risk still exists. Risk manage- ment looks the Items beyond the limits EAP excepts limited risks, but this assures due diligence is done for the omissions. Program Controls EAP pays energy vendor. DOF, DOC eHEAT registration. Vendors and households gets notification. Policy Households may receive direct payments when payment to vendors is difficult. Self cut wood receive amount remaining after benefit is distributed Households with electric and heat included in the rent. Households with heat included in rent, and only exceeds their electric costs Households whose vendors refused to sign the vendor agreement. Households unable to secure a vendor.
12
Item Example
Result of Occurrence
Matrix Cell Household receives one or more cash benefit Benefit is used for non intended purposes or misused by household Very bad publicity for program affects services to others in need, when 5 Eye Witness News reports people cashing it at local bar Multiple direct payments by one person would result in services not available for other households in need
Consider-ations Thinking of results is also constrained by the program rules
13
Item Example
Probability of Occurrence
Matrix Cell Low to Medium For a single household Medium For conspiracy with an Application processor Low
Consider-ations Conspiracy reduces the probability, but this must be considered with the ease, the payback and the penalty A higher payback makes it more worth the risk Conspiracy makes it complicated to keep secret In this example For the household The penalty is low The payback is medium considering penalty For the Application processor - Penalties are high (Job) Payback is higher
14
Item Example
Severity of Impact
Matrix Cell Low to Medium For a single household Low For conspiracy with an Application processor high
Consider-ations Low because of limits on benefit amounts unless multiple
15
Item Example
Response
Matrix Cell Require accounts whenever possible Recover funds when it occurs File Incident Report Investigate incident and escalate appropriately (Error and Fraud) Terminate staff if involved
Consider-ations Plan for the response and educate people
16
Item Example
Indicators
Matrix Cell Report from concerned citizen Pattern of direct payments to a similar addresses, name etc. (Data analysis) An inordinate amount of direct payments for an SP without socio economic reason (eHEAT data) Inordinate number of direct payments form a particular Application Processor (Files and eHEAT)
Consider-ations The first bullet is a common way to hear about this but developing ways to monitor is the maturation of risk management
17
Risk Management
Risk Management Example
Uncertainty Item Result of Occurrence Probability of Occurrence Severity of Impact Response Indicators
Direct Payments to household. Direct payments remove a check point from normal EAP controls by taking vendor registration and vendor cross checks. Could include an application processor fabricating households. If combined with falsifying households for application, multiple direct payments could be generated. Household receives one or more cash benefit Benefit is used for non intended purposes or misused by household Very bad publicity for program affects services to others in need, when 5 Eye Witness News reports people cashing it at local bar Multiple direct payments by one person would result in services not available for other households in need Low to Medium For a single household Medium For conspiracy with an Application processor high but conspiracy requires more risk of secrecy and penalty Low to medium For a single household Low For conspiracy with an Application processor high especially with if multiple households Limit occurrences of direct payments by having system distribute to next available vendor. For risk areas Require accounts whenever possible Recover funds when it occurs File Incident Report Investigate incident and escalate appropriately (Error and Fraud) Terminate staff if involved Report from concerned citizen Pattern of direct payments to a similar addresses, name etc. (Data analysis) An inordinate amount of direct payments for an SP without socio economic reason (eHEAT data) Inordinate number of direct payments form a particular Application Processor (Files and eHEAT)
18
Risk Management
Risk Management and EAP

• The Local Plan requires risk assessment.
• The State has started to conduct formal risk
  assessment
• State Service Providers identify risk and use
  program specific knowledge to do diligent
  planning, monitoring and actions for these risks.
• The State will continue to develop risk
  management requirements and practices. Examples
  include
• Duplication Checks and other queries
• The FFY2010 Local Plan is a first step of
  formalizing the SP process
• SP should design practices to improve it
• DOC will support the development of competency in
  this area
• DOC will conduct risk management activities

19
Risk Management
Dup Check

• Dup Check is not a Russian hockey player
• Dup Check is not a quality control effort
• Dup check is a risk mitigation activity
• EAP must do due diligence on risk areas to assure
  responsible management of public funds

20
Risk Management
Why Dup Check on Vendor Accounts?

• Payments to vendors accounts is the main way
  money money flows
• Using it as a key, there cross checks with other
  data

HH_NBR FIRST_NM LAST_NM SSN DOB CUST_ACCT_NM VNDR_NM HOUSE_NBR STREET APT_NBR CUST_ACCT_NBR
111111 CAROL NUMBERSWITCH 717449103 16-Feb-51 CAROL NUMBERSWITCH CPE 3828 LIAR AVE S ltnullgt 1111111
888888 CAROL NUMBERSWITCH 414779103 16-Feb-51 CAROL NUMBERSWITCH S CPE 3828 LIAR AVE ltnullgt 1111111
222222 SPACEY EL ROY 472111111 03-Jul-58 SPACEY ELROY CPE 1410 GERRYRIG AVE 2 2222222
999999 TOUHY SHAM ELROY 475222222 06-Dec-82 SPACEY EL ROY CPE 1410 GERRYRIG AVE 1 2222222
333333 WANDA TRICKYBERGER 472111111 24-Oct-68 ERNEST TRICKYBURGER CPE 4208 12TH AV S ltnullgt 3333333
666666 WANDA TRICKYBERGER 475222222 24-Oct-68 WANDA TRICKYBERGER CPE 4208 12TH AVE S ltnullgt 3333333
21
Risk Management
Dup Check Procedure for FFY2010

• Overview
• DOC will periodically produce a matching account
  numbers list (Early often to keep effort
  sizable).
• SP will receive a secure email with their list.
• SP investigates by performing the following
  processes
• Analyze validate reason match is correct
• Escalate as needed (Detail in the following
  slides)
• Take appropriate corrective action
• Document results and report

22
Risk Management
Dup Check Procedure for FFY2010

• Step 1 Validate the Reason for Match Is Correct
• If you know a valid reason for duplication enter
  the reason for the duplicate vendor account
  number on the spreadsheet
• Look at paper application and file. Determine
  probable reason and escalate appropriately.
• Ask household(s) to explain if appropriate
  occurrences and record finding in list
• Examples One household moved out and now rents
  the house to a relative who applied for EAP.
  Building has multiple units with one landlord
  account.

23
Risk Management
Dup Check Procedure for FFY2010

• Step 2 Duplicate Application Error
• Take corrective action including recalling funds
• Close duplicate applications
• Record an explanation of your determination on
  the spreadsheet

24
Risk Management
Dup Check Procedure for FFY2010

• Step 3. Duplicate Application Fraud Suspected
• Review previous years and review all the
  information provided
• Take corrective action including recalling funds
• Submit an incident report
• Close duplicate applications
• Record an explanation on the spreadsheet
• Investigate fraud, report to officials and
  follow EAP Policy Manual Chapter 17

25
Risk Management
Dup Check Procedure for FFY2010

• Step 4 Return list with validation or actions to
  DOC
• The completed list (Excel spreadsheet) with
  explanations is due at eap.mail_at_state.mn.us
• A deadline will be prescribed. DOC tracks
  compliance.
• Delete the households private data (name, SSN,
  address, vendor account name) before returning
  the spreadsheet. Contact your EAP field
  representative if you have any questions.

26
Risk Management
Dup Check Procedure for FFY2010

• Best Other Practice
• Applications with the same vendor for Heat
  Electric should list the vendor once, choose heat
  and electric as vendor type. Less likely to get
  false positives for risk and best for application
  processing.
• Need to report issues and non issues. As a
  program we need to assure we have done due
  diligence to protect the integrity of the program
• Late report will result if you dont respond to
  request

27
Data Practices in the EAP Manual
Risk Management

• Chapter 19. DATA PRACTICES AND RECORDS p. 120

28
Chapter 19. DATA PRACTICES AND RECORDS
Risk Management

• Data Practices Policies and Procedures, Private
  Data
• Who has access
• Who does not
• Must be released to the individual or to a 3rd
  party with consent
• Social Security Number for EAP Applications
• Optional

29
Chapter 19. DATA PRACTICES AND RECORDS
Risk Management

• Application Documentation, p. 122
• Where and how to save application documentation
• Security Of Records, p. 123
• List of requirements to secure records
• Records Accessibility, p.124
• What it means to have access to records
• Reasons for maintaining access to records
• Record Retention Requirements, p.124
• Records to retain

30
Informed Consent For Release Of Information
Risk Management

• Informed consent is needed when the information
  will be given or sent to a third party.
• Example Garnishment information requests often
  go to an attorney
• Informed consent are key words that need to be
  taken at face value
• The statute is very specific about what must be
  included in an informed request

31
Data Practices Focus
Risk Management

• Develop a good working relationship with the data
  practices contact in your agency, if there is one
• Plan Have a written policy
• Who will have authority to see private data
• Who will have authority to release private data
• How your agency will maintain data security in
  all situations
• How you will request private data and document
  the request
• How you will maintain documentation of requests
  for private data
• How you will train staff on data privacy
  requirements
• Use centralized authority in the agency, if any
• Centralize authority in EAP, if possible

32
Plan - Local Procedures Needed
Risk Management

• To request information allowed by the application
  consent so the request is done in a consistent
  manner and so each request is documented
• Best practice is for the local procedures to use
  a form for requesting information by letter or
  e-mail and a format for documenting a request by
  telephone

33
Minnesota Department of Administration
Information Policy Analysis Division IPAD
Risk Management

• The State authority on Data Practices
• If you have questions about information policy
  laws, including Minnesotas Data Practices Act
  and the Open Meeting Law, youre at the right
  place. Look over the resources on this website or
  give us a call. (Copied from IPAD website)
  http//www.ipad.state.mn.us

34
New Technology New Data Practices
Risk Management

• Laptop Security
• Imaging Equipment
• Data access
• Data storage
• Data retrieval and back-up
• Best Practice Before destroying paper documents
• Make sure it all works
• Every imaged document is accessible and as
  readable
• No problems exist regarding record retention

35
Electronic Records Management Guidelines
Risk Management

• Recommended by IPAD
• Minnesota Historical Society
• http//www.mnhs.org/index.htm - home page
• http//www.mnhs.org/preserve/records/electronicrec
  ords/erintro.html
• Imaging/scanning and storage of household files
• Which Minnesota laws apply to electronic records?
  
• How do we use electronic records to help ensure
  public accountability while ensuring that
  not-public records are protected?
• Who is responsible for developing our electronic
  records management strategy?
• How do we dispose of electronic records?
• Should we manage our electronic records
  differently from our paper records?
• How do we know what information is an electronic
  record?
• Is an electronic copy of a record an acceptable
  substitute for the original?
• Does an electronic record have the same legal
  significance as a paper record?

36
eHEAT Security and Agreements
Risk Management

• Levels of authority
• State Data Base Administrator
• Local (or vendor) eHEAT Administrators
• Administrative Change Process, Chapter 3, p. 16
• Local (or vendor) users
• AgreementsAnnual
• See EAP Tools on website www.energy.mn.gov

37
Summary of Data Practices
Risk Management

• Staff should know
• What private data is and how it relates to EAP
• What data they can reveal and what they need to
  do to assure they arent violating data privacy
• How to document information they have revealed
• Staff with authority to release private data
  should know
• All of the above
• The SP-approved processes for following up on
  data requests
• Agency management should
• Support the data practices activities with
  knowledge and practical resources

38
Debtors Exemption Claims
39
Debtors Exemption Claims (Issue)

• Collection Firms are asking for information
  beyond what the manual states that we have to
  tell them
• They are saying that unless we tell them when
  payments were made, they will not honor the
  garnishment exemption (sometimes people lie)
• We need a universal form that gives only the
  information that they need

40
Debtors Exemptions Claims (Solution)

• You dont need to be experts in the law but you
  do need to know and understand it
• There were changes made to the law for 2009
• Garnishment firms need to be told EAP rules and
  timelines by you
• You are the EAP expert!

41
Debtors Exemption Claims

• Many of you may have already seen these requests
• A household is being pursued to pay a debt by a
  third party collection agent that may or may not
  be an attorney
• The collection agents use tools like garnishment
  of wages and levies aka Freezing of the bank
  accounts
• The law provides certain protections of some or
  all of their money in certain situations, for
  certain people
• The form used to claim these protections is
  called an Exemption Notice

42
Debtors Exemption Claims

• Some or all of their money is protected if
• The source of the money is Government benefits
  such as Social Security benefits Unemployment
  benefits Workers' compensation or Veterans
  benefits
• They currently receive other assistance based on
  need
• They have received government benefits in the
  last six months
• They were in jail or prison in the last six
  months
• Some or all of their earnings (wages) are
  protected if
• They get government benefits (see list of
  government benefits)
• They currently receive other assistance based on
  need
• They have received government benefits in the
  last six months
• They were in jail or prison in the last six
  months

43
Debtors Exemptions Claims Law

• The legislation, which will become effective on
  Aug. 1, 2009, updates the exemption process and
  makes technical changes to the current law
• The legislation modifies legal requirements
  regarding levies and garnishments and expedites
  the process for both the creditor and debtor and
  makes the following revisions to the current
  garnishment law
• Modifies the process
• Updates forms
• Creates a new notice of intent to garnish
• Alters the exemption form and creditors
  exemption form and
• Adjusts timing requirements.
• It does not change the intent of existing law or
  impact current or future case law (quote from the
  new law)

44
Debtors Exemption Claim Laws

• Website MN office of the Revisor of Statues
• Index of the laws relating to Fuel Assistance in
  MN
• https//www.revisor.leg.state.mn.us/statutes/?topi
  c202092
• Address of the website with the new law
• https//www.revisor.leg.state.mn.us/laws/?id31do
  ctypechapteryear2009type0

45
Debtors Exemption Claim Form

• Section 1. Minnesota Statutes 2008, section
  550.143, is amended to read 550.143 LEVY ON
  FUNDS AT A FINANCIAL INSTITUTION.
• Form of notice. The notice required by
  subdivision 3 must be provided as a separate form
  and must be substantially in the following form
• EXEMPTION FORM
• HOW MUCH MONEY IS PROTECTED.....
• I claim ALL of the money being frozen by the bank
  is protected......
• I claim SOME of the money is protected. The
  amount I claim is protected is .......

46
Debtors Exemption Claim Form

• WHY THE MONEY IS PROTECTED
• My money is protected because I get it from one
  or more of the following places (Check all that
  apply).....
• Government benefits include, but are not limited
  to, the following
• MFIP - Minnesota family investment program, MFIP
  Diversionary Work Program, Work participation
  cash benefit, GA - general assistance, EA -
  emergency assistance, MA - medical assistance,
  GAMC - general assistance medical care, EGA -
  emergency general assistance, MSA - Minnesota
  supplemental aid, MSA-EA - MSA emergency
  assistance, Food Support, SSI - Supplemental
  Security Income, Minnesota Care, Medicare part B
  premium payments, Medicare part D extra help,
• Energy or fuel assistance.

47
Debtors Exemption Claim Form

• Government benefits also include..... Social
  Security benefits..... Unemployment benefits.....
  Workers' compensation..... Veterans benefits
• If you receive any of these government benefits,
  include copies of any documents you have that
  show you receive Social Security, unemployment,
  workers' compensation, or veterans benefits......
  
• Other assistance based on need You may have
  assistance based on need from another source that
  is not on the list. If you do, check this box,
  and fill in the source of your money on the line
  below
• Case Number..... County ... Source .....
• Include copies of any documents you have that
  show the source of this money.
• Some of your earnings (wages) are protected

48
Debtors Exemption Claim Form

• OTHER EXEMPT FUNDS
• The money from the following are also completely
  protected......
• An accident, disability, or retirement pension or
  annuity.....
• Payments to you from a life insurance policy.....
  
• Earnings of your child who is under 18 years of
  age.....
• Child support
• Money paid to you from a claim for damage or
  destruction of property
• Property includes household goods, farm tools or
  machinery, tools for your job, business
  equipment, a mobile home, a car, a musical
  instrument, a pew or burial lot, clothes,
  furniture, or appliances......
• Death benefits paid to you

49
Debtors Exemption Claim Form

• I give permission to any agency that has given me
  cash benefits to give information about my
  benefits to the above-named creditor, or its
  attorney.
• The information will ONLY concern whether I get
  benefits or not, or whether I have gotten them in
  the past six months
• If I was an inmate in the last six months, I give
  my permission to the correctional institution to
  tell the above-named creditor that I was an
  inmate there.
• There are additional instructions and timelines
  in the new law that I did not include here, but
  would encourage you all to take a look at so
  youre familiar

50
Debtors Exemption Claims and EAP

• A person's wages are exempt if they currently
  receive need based aid, or have been a recipient
  within the last 6 months
• Households are now required to provide bank
  statements with the exemption notices
• The creditor is looking for some proof that the
  debtor currently receives EAP or was a recipient
  in the last 6 months
• Will need additional help from us unless they
  received a direct payment
• A benefit statement from us will suffice
• So, heres what you need to do
• The new export will contain information on
  payments and dates
• Redact what is unnecessary (payment amounts)
• If they demand more you can refer them to the
  state

51
Debtors Exemption Claims and EAP

• You are the EAP experts
• You have the support of DOC and our timelines for
  eligibility is clearly documented in our EAP
  policy manual
• Once determined eligible a household is eligible
  until the end of the program year (September 30)
• They are still protected for 6 months after they
  last received assistance

52
Debtors Exemption Claim Notice

• The Debtors Exemption Claim Notice is a type
  of Informed Consent form (Appendix 19B) and will
  be updated to reflect the new statues
• New template letter for providing the information
  that will meet the legal requirements and reflect
  EAP policy guidelines

53
Data Security and You!
Risk Management

• Richard Gooley Chief Information Security Officer
• Minnesota Department of Commerce

54
Data Security and You!
Risk Management
55
Executive Summary
Risk Management

• Be cyber smart Sec rity needs U!
• Security is everyones responsibility
• Security doesnt need to be intimidating
• Security doesnt have to cost an arm and a leg

56
Agenda
Risk Management

• 7 Top Tips for Keeping Your Data Secure
• Identify and guard sensitive information
• Create bulletproof passwords
• Use secure email
• Protect your computer
• Keep your computer patched
• Properly dispose of information no longer needed
• Be mindful of social engineering
• Excellent Resources for Free Stuff!
• Questions and Discussion

57
7 Top Tips for Keeping Your Data Secure
Risk Management

• aka How to Keep Out of Current Events

58
7 Top Tips for Keeping Your Data Secure
Risk Management

• Tip 1 Identify and guard sensitive information
• Dumpster diving
• What sensitive information do you work with?
• Social Security Number
• Addresses
• Children
• Household income
• Private financial information

59
7 Top Tips for Keeping Your Data Secure
Risk Management

• Tip 2 Create bulletproof passwords
• Weak passwords are all too common
• They are easy for users to remember.
• They include personal information about the user.
• They consist of known words found in many hacker
  password dictionaries.

60
7 Top Tips for Keeping Your Data Secure
Risk Management

• Examples of bulletproof passwords
• eX_at_mp13s0f
• Bu!1e7Pr0of
• Do you know my address?
• DUKma?45410akland

61
7 Top Tips for Keeping Your Data Secure
Risk Management

• Tip 3 Use secure email
• All email from The State containing private data
  will be sent using secure email
• Method for retrieving secure email
• Use link in email to go to The States secure
  site
• Establish password
• Retrieve email and attachments
• Retain password for future use

62
Example of Secure email from The State
Risk Management
63
Establish/enter password
Risk Management
64
Retrieve email/attachment
Risk Management
65
Secure email
Risk Management

• What is TLS encryption?
• Transport Layer Security   TLS is a standard
  protocol that is used to provide secure Web
  communications on the Internet or intranets. It
  enables clients to authenticate servers or,
  optionally, servers to authenticate clients. It
  also provides a secure channel by encrypting
  communications. TLS is the latest version of the
  Secure Sockets Layer (SSL) protocol.

66
Secure email TLS encryption
Risk Management
67
7 Top Tips for Keeping Your Data Secure
Risk Management

• Tip 4 Protect your computer (with your life!)
• Wheres my laptop?

68
7 Top Tips for Keeping Your Data Secure
Risk Management

• Tip 5 Properly dispose of information no longer
  needed
• Where's that usb drive?

69
7 Top Tips for Keeping Your Data Secure
Risk Management

• Tip 6 Keep your computer patched

70
Patch Management
Risk Management

71
7 Top Tips for Keeping Your Data Secure
Risk Management

• Tip 7 Be mindful of social engineering
• Know thy neighbor

72
All I did was smile and they let me in the door

Risk Management
73
Excellent Resources for Free Stuff!
Risk Management
74
https//www.act-online.net/
Risk Management
75
Business Continuity Disaster Recovery
Risk Management
76
www.flu.gov
Risk Management
77
Excellent Resources for Free Stuff!
Risk Management

• Tools to wipe drives when disposing computer
• www.killdisk.com/
• www.diskwipe.org/
• Free anti-virus protection for home use
• www.free.avg.com/
• Some Internet Providers offer free anti-virus

78
Excellent Resources for Free Stuff!
Risk Management

• www.act-online.net
• www.killdisk.com
• www.diskwipe.org
• www.free.avg.com
• www.msisac.org
• Business continuity and Disaster Recovery
• www.disaster-recovery-guide.com
• www.flu.gov
• www.drj.com
• www.ready.gov

79
Conclusion
Risk Management

• Security is everyones responsibility
• Security doesnt need to be intimidating
• Security doesnt have to cost an arm or a leg