Re: Data before joining a Company!

[Jason Edelstein <jasone () UCHICAGO EDU>]

I'd say I'd need more information to be certain of the best answer here. 
Some minimal thoughts:

1. If these basic tutorials do not go through any sensitive information 
or give a prospective individual any permanent access before the 
appropriate time, that lowers the risk of doing them.

2. If these tutorials are public or simple HR processes that don't 
reveal anything unique that could turn these candidates into insider 
threats (I'm thinking of people who know enough to hurt your institution 
if they don't get the job), that also lowers the risk of doing them.

3. If HR wants to do these but they continue to pose a risk, perhaps 
working with HR to come up with a compromise where they have a digital 
"handout" instead of giving real access or something else.

We are fairly liberal in our HR processes: we allow HR to issue IDs to 
individuals before their formal paperwork is completed, but in doing so 
they end up gathering a lot of personal information about a person, so 
an incident is fairly easy to resolve in the rare case one comes up.

-je-

On 7/19/20 12:45 AM, Uday Kiran wrote:
> Hope you are all safe and sound! Your feedback/advice will be very 
> helpful in the below situation.
>
>
> We have a requirement that candidates who are shortlisted for a job 
> opportunity have to go through our basic tutorials of University’s 
> processes and procedures, along with some FAQs the candidates have 
> about their residency, perks and how to use them.
>
> However, Information Security raised an alert to HR that before a 
> candidate joins the organization it is unsafe to do these stuff, 
> nonetheless, they wanted to improve the accessibility and time for 
> candidates as well as to them; also these will be shared to the 
> candidates’ personal email ID (of course we cannot assign an email ID 
> before he/she joins the university).
>
> Seeking your feedback if you have any such experiences or advices. 
> Please share.
>
>
> Thanks & Regards,
>
> *Uday Kiran*
> Senior Specialist – Information Security
> Office of Dir. Digital Technologies
>
>         
>
>
>
>
>
> Uday Kiran
> Snr Spl – Information Security
> Office of Dir. Digital Technologies     
> اوداي كيران
> أخصائي أول - أمن المعلومات
> تكنولوجيا المعلومات
>
> Main logo       Direct.: 9712 206 1182
> Mobile: +971 56 501 1182
> Email: ukiran () hct ac ae <mailto:ukiran () hct ac ae>
> P.O.Box: 25026, Abu Dhabi, United Arab Emirates         
>
>
> 	www.hct.ac.ae 
> <https://urldefense.com/v3/__http://www.hct.ac.ae__;!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZDG2t1A3A$> 
> 	
> Facebook 
> <https://urldefense.com/v3/__https://www.facebook.com/hctuae__;!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZBRX6XX1w$> 
> 	Twitter 
> <https://urldefense.com/v3/__https://twitter.com/HCT_UAE__;!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZAAHg-20w$> 
> 	Instagram 
> <https://urldefense.com/v3/__https://www.instagram.com/HCT_UAE/__;!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZCr-4CVrg$> 
> 	YouTube 
> <https://urldefense.com/v3/__https://www.youtube.com/user/hctuae__;!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZDBoClXXA$> 
>
>
> Border
> Enviromental Please consider the environment before printing this email
> This Email and any attachments may contain HCT confidential and 
> privileged information.If you are not the intended recipient, please 
> notify the sender immediately by return email, delete this email and 
> destroy any copies. Any dissemination or use of this information by a 
> person other than the intended recipient is unauthorized and may be 
> illegal. Unless otherwise stated, opinions expressed in this email are 
> those of the author and are not endorsed by the author's employer.
>
>
>
> ------------------------------------------------------------------------
>
> The information in this email and any attachments are confidential and 
> solely for the use of the individual or entity to whom it is addressed 
> to and authorized to receive it. If you are not the intended 
> recipient, be advised that you have received this email in error and 
> that any use, disclosure, copying, distribution or taking any action 
> in reliance on the content of this information is strictly prohibited 
> and may be unlawful. If you have received this email in error, please 
> delete along with any attachments and inform the Higher Colleges of 
> Technology immediately at disclaimer () hct ac ae. We do not guarantee 
> the integrity of any emails or attachments and are not responsible for 
> any changes made to them by any other person.
>
> تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية 
> وتخص المستلم المعني أو الاشخاص المصرح لهم باستلامه، فإذا لم تكن 
> المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن 
> طريق الخطأ ويمنع منعاً باتاً الاستفادة منه أو افشاء محتواه أو توزيعه. 
> وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته 
> وإخطار كليات التقنية العليا فوراً على البريد الإلكتروني التالي: 
> disclaimer () hct ac ae. كما أننا لا نضمن سلامة أي بريد إلكتروني أو 
> مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر.
>
> ------------------------------------------------------------------------
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the 
> message, copy and paste their email address and forward the email 
> reply. Additional participation and subscription information can be 
> found at https://www.educause.edu/community 
> <https://urldefense.com/v3/__https://www.educause.edu/community__;!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZBF4iAcqA$> 


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community