Web Content Management: Approval Process & Training (CTS)

  • Full-time professional staff are recommended by their department head and approved by the sector vice president. Student employees are “sponsored” by a full-time professional staff member, recommended by their department head, approved by the sector vice president, and approved by the vice president of external affairs and development.
  • The vice president informs CTS Web Development of the employee’s approval.
  • CTS will schedule a training session (1 hour) with the approved staff/student. The training session includes key elements from NYS cyber-security policy:
    1. Hands-on training using the CMS system
    2. Discussion of copyright infringement
    3. Discussion of Web accessibility
    4. Privacy of student data
    5. Reiterate to the end user to not share the use of their tnt_lan account. All users must be trained and given access individually.
    6. Sensitive or confidential State information must not be made available through a server that is available to a public network. Definition of sensitive information will be taken to mean:
      1. information related to systems, structures, individuals and services essential to the security, government, or economy of the State, including telecommunications (including voice and data transmission and the Internet);
      2. electrical power, gas and oil storage and transportation;
      3. banking and finance;
      4. water supply;
      5. emergency services (including medical, fire, and police services);
      6. and the continuity of government operations.
      7. Sensitive information includes, but is not limited to:
        1. data that identifies specific structural, operational, or technical information, such as: maps, mechanical or architectural drawings, floor plans, operational plans or procedures, or other detailed information relating to electric, natural gas, steam, water supplies, nuclear or telecommunications systems or infrastructure, including associated facilities;
        2. training and security procedures at sensitive facilities and locations;
        3. descriptions of technical processes and technical architecture;
        4. plans for disaster recovery and business continuity;
        5. inventory/depictions/photographs/locations of physical equipment, assets and infrastructure;
        6. reports, surveys, or audits that contain sensitive information; and
        7. other subject and areas of relevant concerns as determined by the state government entity.