Security Awareness Training
According to FedRamp regulations all users of the ADRF have to undergo a security awareness training before being able to access the computing environment, and yearly thereafter. This is to make sure that all users are aware of best practices and policies addressing safe data usage. The security training informs users about:
- Privacy, confidentiality, personally identifiable information (PII)
- Information security and regulations that mandate the protection of IT assets
- Best practices to secure IT assets and data in and out of the office
- Threats to information and privacy and the correct way to respond to a incident
You can start the training by clicking on the start button under Security Awareness Training on the onboarding page. There are three videos for you to watch. In order to complete the training successfully you have to take a test after watching the videos. Thus, taking some notes while watching the video can be good.
You can also watch the videos of the training below.
Your access to systems and networks owned by NYU is governed by, and subject to, all Federal laws, including, but not limited to, the Privacy Act, 5 U.S.C. 552a, if the applicable ADRF system maintains individual Privacy Act information. Your access to the ADRF system constitutes your consent to the retrieval and disclosure of the information within the scope of your authorized access, subject to the Privacy Act, and applicable State and Federal laws. This means:
- The system is only to be used for authorized projects.
- You must not retrieve information, or in any other way disclose information, for someone who does not have authority to access that information.
Please keep these rules in mind when working in the ADRF:
- Maintain the confidentiality of your authentication credentials such as your password. Do not reveal your authentication credentials to anyone; ADRF staff should never ask you to reveal them.
- Follow proper logon/logoff procedures. You must manually logon to your session; do not store your password locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended while logged into the system.
- Do not establish any unauthorized interfaces between systems, networks, and applications owned by NYU.
- Report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to ADRF to [email protected] and [email protected].
- Do not post any data or other information that has not been through a formal disclosure review process (ADRF Export) on any social media or networking sites.
- Do not take out any information (data, tables, graphs, metadata, etc.) from the ADRF without undergoing disclosure control at any time. This means, do not take screenshot or write down results, or make any other form of notes. Any output you want to display publicly e.g. a website or on social media has to be released by going through the ADRF export process.
- Usage of public or private external websites on ADRF is strictly prohibited and should be reported immediately, this includes but is not limited to social media/networking websites.
Data Use and Non-Disclosure Agreements
Data accessed in the ADRF are sensitive in nature and thus protected by law in most of the cases. This means that for every dataset in the ADRF there is a data use agreement in place that provides the legal foundation around access. You will need to sign the data use agreement and/or associated non disclosure agreement during the setup of your project space.
It is important that you adhere to the Data Use Agreement and/or Non-disclosure agreement you signed. Please keep a copy of the document you signed and make sure you fully understand your responsibilities. Please find below the most important points to keep in mind.
- Disclosure of data should not happen at any time during your research project. Disclosure of data is every output you take out of the ADRF without going through the export process. This includes but is not limited to taking handwritten notes, taking screenshots or pictures, talking to somebody who is not on your project about specifics in the data, and working in a public space where external people might see your screen.
- Anyone who knows or has reason to believe that another person has violated these processes should report the matter promptly to ADRF.
- Consequences for unauthorized disclosure are disciplinary actions, up to and including termination of data access and any penalties outlined in the underlying data use agreement of the data being used.
- Any attempt to retaliate against a person for reporting a failure to follow these processes may itself be considered a failure to follow these processes.