menu

Security Considerations for Remote Work

(Apr.28 2020)
To prevent the spread of COVID-19 infection, faculties and researchers are encouraged to work from home.
   We need to be careful on security risks, such as Information leakage/theft, when working from home. For your secure work, please read the following notice.

            [Notice]

  1. Announce Information Handling Restrictions on Research Activities [Mandatory for Heads of Laboratories].
      Each head of a laboratory must announce and instruct how research data in their laboratory should be handled to laboratory members (assistant professors, students, researchers, etc.).
      See the following URL for the details of rating and handling restrictions for information.

    情報格付けガイドライン
    Information Rating Guideline (Japanese)
   
    * Example 1: Research data including sensitive personal information
      - Confidence level 3 (C3)
      - Default handling restrictions for C3
      - Extra restriction: Prohibition of handing outside from JAIST.

    * Example 2: Important research data under a non-disclosure
      agreement (NDA)
      - Confidence level 3 (C3)
      - Default handling restrictions for C3
      - Extra restrictions: Prohibition of handing except with specified devices and in an isolated room, and Requirement to surely remove temporary derived data at the end of handling.

    * Example 3: Important research data outside of any NDA
      - Confidence level 2 (C2)
      - Default handling restrictions for C2

    * Example 4: Research data that can be disclosed without any problem
      - Confidence level 1 (C1)
      - No handling restrictions (Default for C1)

    * The above examples are just examples. For each piece of information, it is possible to add extra restrictions and/or relax some of default restrictions, according to importance, characteristics, impacts of leakage/theft, etc.

    * The handling restrictions for information under an NDA must be decided based on a discussion among collaborative partners.

  2. Obey Information Handling Restrictions on Research Activities [Mandatory]
      Obey information handling restrictions specified by the head of your laboratory. If the restrictions significantly prevent your research activities, ask the head about it and follow their instructions.

  3. Obey Information Handling Restrictions on Organizational and Educational Operations [Mandatory]
      Obey information handling restrictions specified by the head of related department. If the restrictions significantly prevent your organizational and educational operations, ask the head about it and follow their instructions.

  4. Take Security Measures for Devices [Mandatory]
      The following proactive measures are essential for your devices (PCs, tablets, smart phones, etc.) which you use for work.

     * Keep OS and Apps up-to-date.
     * Install security software (anti-virus software, etc.) if possible, keep it up-to-date, and regularly scan the devices.
     * Avoid sharing the devices with your family, friends, etc.
     * Encrypt data (or the devices itself) in easy-to-lose devices,
       e.g., USB flash drives.

  5. Use JAIST Cloud Desktop [Recommendation]
      JAIST Cloud Desktop provides secure environment to work from home. When you work on the desktop, no data will be left on your client devices.
      See the following URL for the detail of the JAIST Cloud Desktop.

     JAIST Cloud Desktop:
    
     * SSL-VPN is required to access from off-campus