Training Users About Security Requirements

Each site's security administrator ensures users are trained. The security administrator should hand off the following rules to new employees and remind existing employees of these rules from time to time.

Your organization may wish to provide additional suggestions beyond those listed below.

Users' Security Rules

Anyone who knows your password can access the same information that you can without being identified and therefore without being accountable.

Do not tell anyone else the password.

Do not write the password down or include it in an email message.

Choose passwords that are hard to guess.

Do not leave your computer unattended without locking the screen or logging off.

Be aware that sender information in email can be forged.

Remember that administrators do not rely on email to send instructions to users. Do not ever follow instructions from administrators in an email without first double-checking with the administrator.

Do not send your password to anyone by email.

Because you are responsible for the access permissions on files and directories that you create, make sure that the permissions on your files and directories do not allow unauthorized users to read or change a file or list the contents of or write into a directory.