Educause Security Discussion mailing list archives
Re: Data before joining a Company!
From: Uday Kiran <ukiran () HCT AC AE>
Date: Tue, 21 Jul 2020 05:10:02 +0000
Yes initial 2 points satisfies here and we make our stance about it, however, the last point is still in discussions we are letting the HR know that the candidates have to accept the NDA, again this raises a question how an org. can ask a non-employee ask to accept to such terms and conditions will it be valid or is it based on the respective country’s data privacy policy? We are sharing the OneDrive link to their personal email ID with the documents. My own thought is what if the candidate doesn’t join after accepting the offer, they have full rights to do so before he/she officially join the company, in this case we gave the information to some random person. Thanks for your inputs. Regards, Uday Kiran Snr Spl – Information Security Office of Dir. Digital Technologies اوداي كيران أخصائي أول - أمن المعلومات تكنولوجيا المعلومات [Main logo] Direct.: 9712 206 1182 Mobile: +971 56 501 1182 Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae> P.O.Box: 25026, Abu Dhabi, United Arab Emirates www.hct.ac.ae<http://www.hct.ac.ae> [Facebook]<https://www.facebook.com/hctuae> [Twitter]<https://twitter.com/HCT_UAE> [Instagram]<https://www.instagram.com/HCT_UAE/> [YouTube]<https://www.youtube.com/user/hctuae> [https://cdn.hct.ac.ae/signature_logo/June2019.jpg] [Enviromental] Please consider the environment before printing this email This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the author's employer. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jason Edelstein Sent: Monday, July 20, 2020 6:56 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Data before joining a Company! [ External Email ]. Please exercise caution when opening attachments. ________________________________ I'd say I'd need more information to be certain of the best answer here. Some minimal thoughts: 1. If these basic tutorials do not go through any sensitive information or give a prospective individual any permanent access before the appropriate time, that lowers the risk of doing them. 2. If these tutorials are public or simple HR processes that don't reveal anything unique that could turn these candidates into insider threats (I'm thinking of people who know enough to hurt your institution if they don't get the job), that also lowers the risk of doing them. 3. If HR wants to do these but they continue to pose a risk, perhaps working with HR to come up with a compromise where they have a digital "handout" instead of giving real access or something else. We are fairly liberal in our HR processes: we allow HR to issue IDs to individuals before their formal paperwork is completed, but in doing so they end up gathering a lot of personal information about a person, so an incident is fairly easy to resolve in the rare case one comes up. -je- On 7/19/20 12:45 AM, Uday Kiran wrote: Hope you are all safe and sound! Your feedback/advice will be very helpful in the below situation. We have a requirement that candidates who are shortlisted for a job opportunity have to go through our basic tutorials of University’s processes and procedures, along with some FAQs the candidates have about their residency, perks and how to use them. However, Information Security raised an alert to HR that before a candidate joins the organization it is unsafe to do these stuff, nonetheless, they wanted to improve the accessibility and time for candidates as well as to them; also these will be shared to the candidates’ personal email ID (of course we cannot assign an email ID before he/she joins the university). Seeking your feedback if you have any such experiences or advices. Please share. Thanks & Regards, Uday Kiran Senior Specialist – Information Security Office of Dir. Digital Technologies Uday Kiran Snr Spl – Information Security Office of Dir. Digital Technologies اوداي كيران أخصائي أول - أمن المعلومات تكنولوجيا المعلومات [Image removed by sender. Main logo] Direct.: 9712 206 1182 Mobile: +971 56 501 1182 Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae> P.O.Box: 25026, Abu Dhabi, United Arab Emirates www.hct.ac.ae<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.hct.ac.ae__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZDG2t1A3A%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869574952&sdata=pp3IrnnIawVZqrOjNh%2ByL%2F%2BuP1WsNP6f%2BhGzTfbcsyg%3D&reserved=0> [Image removed by sender. Facebook]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.facebook.com%2Fhctuae__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZBRX6XX1w%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869574952&sdata=Q%2BKE5HPRwLNEgc0%2BcbhFvrSJ1ceYp2ewbulvhITBEfw%3D&reserved=0> [Image removed by sender. Twitter]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Ftwitter.com%2FHCT_UAE__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZAAHg-20w%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869579933&sdata=U5i1Y7%2F2oiMz5ViGI17dlIDmPHYh3zQbn9J6v5PmS1E%3D&reserved=0> [Image removed by sender. Instagram]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.instagram.com%2FHCT_UAE%2F__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZCr-4CVrg%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869584908&sdata=D72AAgw6yc0I%2Fw0R4O8sr8iw7MH9BXFMFgAqxkmz6Oc%3D&reserved=0> [Image removed by sender. YouTube]<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.youtube.com%2Fuser%2Fhctuae__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZDBoClXXA%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869589888&sdata=e2L%2Bw%2Bg9lLfcZ%2FNRCUbzNWx8kBciZ%2B9GS4JIksVSRrw%3D&reserved=0> [Image removed by sender.] [Image removed by sender. Enviromental] Please consider the environment before printing this email This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the author's employer. ________________________________ The information in this email and any attachments are confidential and solely for the use of the individual or entity to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance on the content of this information is strictly prohibited and may be unlawful. If you have received this email in error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer () hct ac ae<mailto:disclaimer () hct ac ae>. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes made to them by any other person. تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae<mailto:disclaimer () hct ac ae>. كما أننا لا نضمن سلامة أي بريد إلكتروني أو مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر. ________________________________ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.educause.edu%2Fcommunity__%3B!!BpyFHLRN4TMTrA!p4ZvfamjVCMIjb-MUphv9d8WbWPIK-cUSU9xiKgf79uGm41XiaeUicB6WZBF4iAcqA%24&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869594854&sdata=SQsUq3l9CrrzAA13EyS2NXBFLzzJ2oJ%2Bv7Ge7fYacsw%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cukiran%40HCT.AC.AE%7Ca0f7af840d1141a8661108d82cbd1324%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637308537869594854&sdata=pWMNMZ2p5%2BdvfRSuEZHCUDTERQeyZR5l8V0t5umffok%3D&reserved=0> ________________________________ The information in this email and any attachments are confidential and solely for the use of the individual or entity to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance on the content of this information is strictly prohibited and may be unlawful. If you have received this email in error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer () hct ac ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes made to them by any other person. تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae. كما أننا لا نضمن سلامة أي بريد إلكتروني أو مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر. ________________________________ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Data before joining a Company! Uday Kiran (Jul 18)
- Re: Data before joining a Company! Jason Edelstein (Jul 20)
- Re: Data before joining a Company! Jones, Mark B (Jul 20)
- Re: Data before joining a Company! Uday Kiran (Jul 20)
- Re: Data before joining a Company! Jason Edelstein (Jul 20)