Security of Information: Difference between revisions
mNo edit summary |
mNo edit summary |
||
Line 1: | Line 1: | ||
[[Category: | {{header}} | ||
[[Category:Server Administration]] | |||
{{DocRelInfo | {{DocRelInfo | ||
|articlenumber = 7CAV-R-028 | |articlenumber = 7CAV-R-028 |
Revision as of 22:30, 19 February 2024
This is the Document Release Information | |
Article Number: | 7CAV-R-028 |
Scope: | Security of Information |
Version: | Version 1.0 |
Effective Date: | 14 APR 19 |
Last Modified Date: | DDMMMYYYY |
Approving Authority: | Regimental Commanding Officer |
Point of Contact: | Regimental Chief of Staff |
Security of Information
Security of information protects the safety of our infrastructure (website, wiki, servers and hardware) and our proprietary content. It is important that we all help to keep both secure.
Passwords
- Personal passwords for the Website/Echelon/Battlemetrics/Owncloud and others: Your personal passwords are your responsibility. If someone gains access to your password and you are a MILPACS clerk for example, a lot of damage could be done to our database. You must ensure your password is kept private and secure at all times. It is recommended that you change the password on a regular basis. Consult https://en.wikipedia.org/wiki/Password_strength for information on password strength.
- Server admin passwords: These passwords are intended for certain levels of leadership and positions to allow them to administer the server/change maps etc. These passwords are passed on by the Chain-of-Command in your primary or support billet and are not to be shared with anyone else. If someone asks you for the server admin password, refer them to the Chain-of-Command.
- Password protected training servers: The password for training servers should never be given to a member of the public or be displayed in such a way that a member of the public can see them.
- Password protected public event servers: The password for event servers should be different from the training servers and should be easily remembered. Its main purpose is simply to prevent random members of the public from joining the event server while in use for events. It should be changed on a monthly basis at least and can be given to other organizations for the purpose of having them join the server to participate in joint events.
- TeamSpeak: The TeamSpeak password is simply to keep random members of the public or players on our game servers from joining with the intent to troll. The security level we have set on the TeamSpeak server also helps to prevent this. This password may be given to the public with the intent of getting them into TeamSpeak for the purposes of recruiting. This includes recruiting posts on game developer forums, Steam, etc.
Field Manuals
Field manuals are documents that are created to be a resource for members in support of training courses developed by members of the unit. Field manuals may be shared publicly for the purpose of recruiting potential members into the unit.
Lesson Plans
Lesson plans are documents that spell out in detail how a specific course is to be run. These are not to be shared publicly. It's one thing to share battle drills, it's another to spell out how to teach them in a private setting. These documents are restricted to instructors who have a need to access them for the purpose of teaching a class.
Privileged Communications
This refers to communications and information that is passed to you confidentially, or to information regarding Regimental business.
You are expected and required to respect confidentiality when you possess information that is sensitive or of a personal nature. Obviously whether confidential or not, it is necessary to communicate this in some way through the chain of command to people who can assist or advise you, but you need to do it in a way that ensures it stays confidential.
Example: Trooper A tells you that someone has been harassing him.
This is a scenario that should be handled confidentially as should all discipline. Discipline is a matter between the leader and the subordinate and potentially people higher up in the chain of command, depending on the seriousness of the situation. In this example, it's a fairly serious matter, and one that should immediately be brought to the attention of your CoC. It should be discussed privately with them. You don't need to withhold information, but you should make sure not to discuss it with anyone else and you should be able to trust that your CoC won't either.