4) Safety, Environment, & Policy Flashcards
Safety: Equipment Grounding
Most computer products connect to ground.
Also applies to equipment racks.
Don’t remove the ground connection.
Never connect yourself to an electrical ground.
(Not a way to prevent ESD)
Safety: Proper Component Handling/Storage
ESD Straps
ESD Mats
Antistatic Bags
Self-grounding
Safety: Toxic Waste Handling
Batteries - Dispose @ hazardous waste facility
Toner - Recycle! Manufacturer return box
CRT - Dispose @ hazardous waste facility (lead in glass)
Cell Phones/Tablets - Wipe data; manufacturer recycling program. Do not throw in trash.
Personal Safety: Disconnect Power, Remove Jewelry
Disconnect power before working on any electronic device.
Remove jewelry & name badge neck straps
Use breakaway lanyards.
Personal Safety: Lifting Techniques, Weight Limitations
Lift with your legs, keep your back straight.
Don’t carry overweight items.
You can get equipment to lift.
Personal Safety: Electrical Fire Safety, Cable Management
Use a class C fire extinguisher.
Don’t use water/foam.
Use carbon dioxide, FM-200, or other dry chemicals.
Remove the power source.
Avoid trip hazards. Use cable ties/velcro
Personal Safety: Safety Goggles, Air Filter Mask
Goggles:
Useful when working with batteries/chemicals
Good for printer repair & toner
Air Filter Mask:
Dusty computers
Printer toner
Safety: Compliance with Government Regulations
Health & safety laws vary widely depending on location.
Keep workplace hazard-free.
Ex:
Building Codes (fire prevention, electrical codes)
Environmental Regulation (high-tech waste disposal)
Environment: MSDS Documentation
Material Safety Data Sheets (sometimes SDS)
US Dept of Labor, Occupational Safety & Health Admin
www.osha.gov or manufacturer website
Provides info for all hazardous chemicals:
Product/company info
Hazard info
Composition/ingredients
Fire-fighting measures
Accidental release/leaking
Handling/storage
Etc.
Environment: Temperature, Humidity, Awareness, Proper Ventilation
Temperature - Devices need constant cooling (so do humans)
Humidity - 50% is a good number
High humidity (condensation)
Low humidity (static discharges)
Proper ventilation - computers generate heat
Don’t put everything in a closet
Environment: Power Surges, Brownouts, Blackouts
UPS (Uninterruptible Power Supply)
Backup power
Protects from brownouts/blackouts/surges
Surge Suppressor - Surge absorption in joules
200 (good), 400 (better), 600 (ideal)
Not all power is clean
Self-inflicted power spikes & noise, storms, power grid changes
Spikes are diverted to ground.
Noise filters remove line noise (higher dB, better)
Environment: Airborne Particles
Enclosures
Protect computers on a manufacturing floor
Protect from dust/oil/smoke
Air filters/mask
Protect yourself against the same airborne particles
Dust in cases/laser printer toner
Environment: Dust & Debris
Use a neutral detergent
No ammonia-based cleaning liquids (avoid isopropyl)
Compressed air
Vacuums
Use a “computer” vacuum (anti-static)
Environment: Compliance with Government Regulations
Environment regulations may have specific controls.
Hazardous waste, batteries, computer components, paper
Incident Response: First Response
Identify the issue (logs, in person, monitoring data)
Report through proper channels - don’t delay
Collect/protect info relating to an event
Data/device preservation
Incident Response: Documentation
Documentation must be available
Gather as much info as possible (notes, pictures, etc)
Documentation always changes (constant updating)
Use a wiki model
Incident Response: Chain of Custody (CoC)
Control evidence (maintain integrity)
Everyone who contacts the evidence (avoid tampering)
Use hashes to verify any changes
Label/catalog everything (seal/store/protect)
Digital signatures
Licensing/DRM/EULA: Open-Source vs. Commercial License
Closed source/Commercial - source code is private
End user gets compiled executable
FOSS (Free & Open Source)
Source code is freely available
End user can compile their own executable
EULA (End User Licensing Agreement)
Determines how software can be used
DRM (Digital Rights Management)
Used to manage the use of software
Licensing/DRM/EULA: Personal vs. Enterprise License
Personal License
Designed for the home user
Usually associated with a single device (single user)
Perpetual (one time) purchase
Enterprise License
Per-seat purchase / Site license
The software may be installed everywhere
Annual renewals
Regulated Data (PII, PCI, GDPR, PHI)
PII - Personally Identifiable Information
Handling PII usually documented in Privacy Policy
PCI DSS - Payment Card Industry Data Security Standard
Standard for protecting credit cards
GDPR - General Data Protection Regulation
Created by European Union
Data protection/privacy for individuals in the EU
Name/address/photo/email/bank/social media/medical
Controls export of personal data
PHI - Protected Health Information
Health info associated with an individual
Health status, records, payments, & more
HIPAA Regulations
Follow All Policies & Security Best Practices
Policies
General IT guidelines
Determines how tech should be used
Processes for handling important tech decisions
Security Best Practices
Some security techniques are accepted standards
Covers processes & technologies
What happens if there’s a breach?