Re: Data before joining a Company!

[Uday Kiran <ukiran () HCT AC AE>]

Yes initial 2 points satisfies here and we make our stance about it, however, the last point is still in discussions we 
are letting the HR know that the candidates have to accept the NDA, again this raises a question how an org. can ask a 
non-employee ask to accept to such terms and conditions will it be valid or is it based on the respective country’s 
data privacy policy?

We are sharing the OneDrive link to their personal email ID with the documents. My own thought is what if the candidate 
doesn’t join after accepting the offer, they have full rights to do so before he/she officially join the company, in 
this case we gave the information to some random person.

Thanks for your inputs.

Regards,

Uday Kiran
Snr Spl – Information Security
Office of Dir. Digital Technologies

اوداي كيران

أخصائي أول - أمن المعلومات

تكنولوجيا المعلومات



[Main logo]

Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates



www.hct.ac.ae<http://www.hct.ac.ae>

[Facebook]<https://www.facebook.com/hctuae>

[Twitter]<https://twitter.com/HCT_UAE>

[Instagram]<https://www.instagram.com/HCT_UAE/>

[YouTube]<https://www.youtube.com/user/hctuae>




[https://cdn.hct.ac.ae/signature_logo/June2019.jpg]

[Enviromental] Please consider the environment before printing this email

This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jason Edelstein
Sent: Monday, July 20, 2020 6:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Data before joining a Company!

[ External Email ]. Please exercise caution when opening attachments.
________________________________
I'd say I'd need more information to be certain of the best answer here. Some minimal thoughts:

1. If these basic tutorials do not go through any sensitive information or give a prospective individual any permanent 
access before the appropriate time, that lowers the risk of doing them.

2. If these tutorials are public or simple HR processes that don't reveal anything unique that could turn these 
candidates into insider threats (I'm thinking of people who know enough to hurt your institution if they don't get the 
job), that also lowers the risk of doing them.

3. If HR wants to do these but they continue to pose a risk, perhaps working with HR to come up with a compromise where 
they have a digital "handout" instead of giving real access or something else.

We are fairly liberal in our HR processes: we allow HR to issue IDs to individuals before their formal paperwork is 
completed, but in doing so they end up gathering a lot of personal information about a person, so an incident is fairly 
easy to resolve in the rare case one comes up.

-je-

On 7/19/20 12:45 AM, Uday Kiran wrote:
Hope you are all safe and sound! Your feedback/advice will be very helpful in the below situation.

We have a requirement that candidates who are shortlisted for a job opportunity have to go through our basic tutorials 
of University’s processes and procedures, along with some FAQs the candidates have about their residency, perks and how 
to use them.

However, Information Security raised an alert to HR that before a candidate joins the organization it is unsafe to do 
these stuff, nonetheless, they wanted to improve the accessibility and time for candidates as well as to them; also 
these will be shared to the candidates’ personal email ID (of course we cannot assign an email ID before he/she joins 
the university).

Seeking your feedback if you have any such experiences or advices. Please share.

Thanks & Regards,

Uday Kiran
Senior Specialist – Information Security
Office of Dir. Digital Technologies








Uday Kiran
Snr Spl – Information Security
Office of Dir. Digital Technologies

اوداي كيران

أخصائي أول - أمن المعلومات

تكنولوجيا المعلومات



[Image removed by sender. Main logo]

Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates



www.hct.ac.ae<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.hct.ac.ae__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZDG2t1A3A%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869574952&sdata=pp3IrnnIawVZqrOjNh%2ByL%2F%2BuP1WsNP6f%2BhGzTfbcsyg%3D&reserved=0>

[Image removed by sender. 
Facebook]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.facebook.com%2Fhctuae__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZBRX6XX1w%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869574952&sdata=Q%2BKE5HPRwLNEgc0%2BcbhFvrSJ1ceYp2ewbulvhITBEfw%3D&reserved=0>

[Image removed by sender. 
Twitter]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Ftwitter.com%2FHCT_UAE__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZAAHg-20w%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869579933&sdata=U5i1Y7%2F2oiMz5ViGI17dlIDmPHYh3zQbn9J6v5PmS1E%3D&reserved=0>

[Image removed by sender. 
Instagram]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.instagram.com%2FHCT_UAE%2F__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZCr-4CVrg%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869584908&sdata=D72AAgw6yc0I%2Fw0R4O8sr8iw7MH9BXFMFgAqxkmz6Oc%3D&reserved=0>

[Image removed by sender. 
YouTube]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.youtube.com%2Fuser%2Fhctuae__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZDBoClXXA%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869589888&sdata=e2L%2Bw%2Bg9lLfcZ%2FNRCUbzNWx8kBciZ%2B9GS4JIksVSRrw%3D&reserved=0>




[Image removed by sender.]

[Image removed by sender. Enviromental] Please consider the environment before printing this email

This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.


________________________________

The information in this email and any attachments are confidential and solely for the use of the individual or entity 
to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you 
have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance 
on the content of this information is strictly prohibited and may be unlawful. If you have received this email in 
error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer 
() hct ac ae<mailto:disclaimer () hct ac ae>. We do not guarantee the integrity of any emails or attachments and are 
not responsible for any changes made to them by any other person.

تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم 
باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً 
الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات 
التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae<mailto:disclaimer () hct ac ae>. كما أننا لا 
نضمن سلامة أي بريد إلكتروني أو مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر.

________________________________

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.educause.edu%2Fcommunity__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZBF4iAcqA%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869594854&sdata=SQsUq3l9CrrzAA13EyS2NXBFLzzJ2oJ%2Bv7Ge7fYacsw%3D&reserved=0>



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869594854&sdata=pWMNMZ2p5%2BdvfRSuEZHCUDTERQeyZR5l8V0t5umffok%3D&reserved=0>

________________________________

The information in this email and any attachments are confidential and solely for the use of the individual or entity 
to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you 
have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance 
on the content of this information is strictly prohibited and may be unlawful. If you have received this email in 
error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer 
() hct ac ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes 
made to them by any other person.

تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم 
باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً 
الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات 
التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae. كما أننا لا نضمن سلامة أي بريد إلكتروني أو 
مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر.

________________________________

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community