Case Study 2: Eletronic Record Safety And Security



You are called in as a records management consultant to a government agency to offer the agency technical assistance on improving security for staff computers in various workspaces.

You begin your work for the agency by interviewing a government employee about his situation regarding his computer and work space.

The employee noticed a few things were out of place in his office when he arrived in the morning for a few instances over the period of a month. He works in a government office building that has fairly stringent security measures in place – all staff must show picture ID to security personnel to obtain physical access to the floor on which his office is located.

Here are a few things that were amiss in his office:

  • The default homepage (an intranet website) was changed 
  •  A note, food wrappers and crumbs that did not belong to the employee were found near the computer workspace. 
  •  According to the log of visited Internet websites, several websites had been viewed recently that had ever been visited by the employee, many of which were inappropriate. 
  • New software had been loaded onto his computer from the Internet
  •  According to time stamps, Internet files were accessed between the hours of 1 and 3 AM. Staff is not permitted access to the building at those hours.
  • Smudges were found on the computer monitor. 


The employee believed someone had been fooling around with his computer and was concerned the information and records on his computer may have been deleted or changed. He was anxious to find a solution to his problem.

Based on your review of this scenario, list at least seven specific recommendations (which relate directly to the information presented above) the government agency should follow to address the above issues and prevent them from occurring in the future.

The recommendation for government agency for their technical assistance on improving security for staff computers in various workspaces.

Computer auto lock when you walk away.

Not allow to share the password.

Virus Email

Use external media.

Protect information stored on computer.

Make the passwords unpredictable.

Personal security card

Have a security plan

Good training security

All staff must take responsibility of security in the company.




No comments:

Post a Comment

Search This Blog