Как iSpring Learn защищает ваши данные от информационных угроз и кибератак
Introduction and Agenda
In this section, Tatyana Galkina, the director of Spring Academy, welcomes the participants to the webinar. She introduces the topic of information security and outlines the agenda for the session.
Introduction
- Tatyana Galkina welcomes all participants to the webinar.
- She introduces herself as the director of Spring Academy.
- The webinar will focus on how Spring ensures data security.
- The session is expected to last for approximately one hour.
Q&A Session and Active Participation
This section emphasizes active participation from attendees. Questions can be asked in the chat, and there will be Q&A sessions throughout the webinar. The most active participant will receive a prize.
Q&A Session and Active Participation
- Participants are encouraged to ask questions in the chat.
- There will be multiple Q&A sessions during the webinar.
- The most active participant with interesting questions will be recognized.
- A prize will be awarded to the most active participant.
Webinar Host Introduction
Sergey Domrachev, Senior Technical Support Engineer, is introduced as today's host for the webinar. Attendees are encouraged to ask questions and actively participate.
Webinar Host Introduction
- Sergey Domrachev is introduced as today's host.
- He thanks Tatyana Galkina for her introduction.
- Sergey encourages attendees to ask questions and actively participate in the webinar.
Addressing Information Security Concerns
Sergey addresses common concerns about how Spring aligns with company security policies. He explains that these concerns are often raised by potential customers before purchasing or during planned security checks.
Addressing Information Security Concerns
- Customers often inquire about Spring's alignment with their company's security policies.
- Questions are raised before purchasing the distance learning system.
- Questions are also raised during planned security checks by the company.
- Sergey assures that these concerns will be addressed in the webinar.
Topics to be Covered
Sergey outlines the topics that will be covered in the webinar, including server locations, enhancing data security for clients, configuring unified access to the learning portal,
Overview of Spring-a Rich Media
The speaker mentions that the company, Spring-a Rich Media, is registered with Roskomnadzor and complies with federal laws regarding personal data and information technology. They request the duplication of links to the Roskomnadzor website for verification purposes.
Compliance with Information Security Standards
- Spring-a Rich Media adheres to international information security standards, specifically ISO 27001:2013.
- Obtaining this certification requires passing an international audit process that includes reviewing key documents, testing infrastructure, and conducting inspections.
- The certification is valid for three years and ensures the reliability of user data.
Data Protection Measures
- User accounts on the platform are protected through HTTPS encryption protocols.
- The system encrypts personal data to prevent unauthorized access or interception.
- Even if intercepted, the encrypted data appears as a set of unintelligible characters.
Custom Domain Integration
- Users have the option to connect their own domain through technical support.
- This allows administrators to customize the platform's URL according to their company's domain name.
Cancelling Administrator Actions
- If there is a need to cancel or modify administrator actions such as course assignments, users can contact technical support for assistance.
Cancelling Administrator Actions and Access Control
The speaker addresses questions related to cancelling administrator actions and controlling access within the system.
Cancelling Administrator Actions
- Administrators can assign courses, change assignment dates, or completely remove assignments from the learning material section.
- If an assignment was mistakenly deleted or modified without clear attribution, users can contact technical support for investigation and potential restoration.
Access Control via IP Addresses
- Users can configure access restrictions based on internal IP addresses within their organization.
- For example, users may limit access to the learning portal only from work computers or through a corporate VPN.
- This configuration requires collaboration between the system administrator and technical support.
Q&A Session
The speaker addresses questions from participants during the Q&A session.
Questions and Answers
- Participants are encouraged to ask questions regarding any concerns or inquiries they may have.
- Specific questions mentioned include the possibility of cancelling administrator actions and customizing domain names for training purposes.
- The speaker assures participants that their active engagement is appreciated and encourages them to continue asking questions.
How to Request Detailed Information on Information Security
In this section, the speaker suggests asking a colleague who is knowledgeable about information security to provide a detailed response in the chat. They mention that the question is extensive and can be better explained by the colleague.
Requesting Detailed Information on Information Security
- It is recommended to ask a colleague who specializes in information security for a detailed response in the chat.
- The question being asked is broad and requires an in-depth explanation.
- Waiting for the colleague's response before moving forward.
Enhanced Security Requirements and Server Setup
This section discusses enhanced security requirements and server setup options. It mentions the possibility of installing Spring on a closed circuit server and transferring data from the cloud version of Sprinkler if needed.
Enhanced Security Requirements and Server Setup
- If there are heightened security requirements, Spring can be installed on a closed circuit server.
- Data from the cloud version of Sprinkler can be transferred to the server if necessary.
- Technical requirements will be sent by the manager after submitting a request or estimating project costs.
- A meeting with technical specialists may be arranged to clarify any questions related to requirements.
- Infrastructure preparation for installation of Sprinkler should be done by company staff.
- An operations engineer will check and improve server configuration if needed.
- Data migration from the cloud can be performed if required.
- Testing specialists will verify functionality correctness before handing over to users.
Strengthening Account Access - Password Complexity and Hashing
This section focuses on strengthening account access through password complexity settings and password hashing. It emphasizes that Sprinkler does not store passwords in plain text, ensuring their confidentiality.
Strengthening Account Access - Password Complexity and Hashing
- Sprinkler does not store passwords in plain text, ensuring their confidentiality.
- Users are recommended to create strong passwords with a minimum of 6 characters.
- Complex passwords can include Latin and Cyrillic letters, numbers, and special characters.
- The password length can be up to 20 characters.
- Password complexity settings can be adjusted in the "Security" section of the "Settings" tab.
- After making changes, it is important to save the settings.
Additional Account Access Measures
This section discusses additional measures to enhance account access, including two-factor authentication via email or SMS.
Additional Account Access Measures
- Two-factor authentication options include email codes and SMS codes.
- Email codes require users to have a registered email address in their profile.
- SMS codes require users to have a unique phone number starting with "+7".
- Both options can be configured in the "Security" section of the "Settings" tab.
- SMS code authentication is a paid feature. Pricing details should be discussed with an account manager.
Demonstrating Password Complexity Settings
This section demonstrates how to adjust password complexity settings in Sprinkler.
Adjusting Password Complexity Settings
- Log into Sprinkler.
Live Demonstration of User Authentication
The speaker demonstrates how user authentication works in the system. They log out of their account and log in as a test user using corporate access. The speaker explains that Sprinkler does not store passwords and the user verification happens on the client's side.
User Authentication Process
- After enabling the option, a button appears for corporate access.
- User verification occurs on the client's Active Directory page.
- The speaker logs in using corporate credentials.
- A security policy is displayed for new users to accept before accessing their personal account.
- The speaker starts their training by clicking "Start Learning". The system automatically assigns courses based on the user's position and department.
User Account Management
- If a user doesn't exist, their personal account is created upon login.
- Changes in user details (e.g., job position) are synchronized during login if specified in the system.
- If a user is blocked, an error message prompts them to contact the system administrator for unblocking.
Access Control for Course Authors and Administrators
This section discusses how access to educational materials can be managed for course authors and administrators. It explains how projects are used to organize learning materials and how access can be granted to specific users.
Managing Access to Educational Materials
- Projects contain learning materials, courses, and training trajectories.
- Course authors can create projects and grant access to specific users.
- Invitations are sent to users for joining a project. Different levels of access can be assigned (viewing, editing, creating).
- Questions regarding access control can be directed to the account manager.
Technical Support and Platform Installation
This section addresses questions related to technical support and platform installation for the server version of the system.
Technical Support for Server Version
- Instructions for operating the system are provided in an operation manual.
- Sprinkler's technical support team assists with troubleshooting by requesting access credentials if necessary.
- (t=1896s
Mobile Communication and SMS Commands
This section discusses the use of mobile communication in Sprinkler's system, specifically focusing on sending commands via SMS without relying on the internet.
Mobile Communication and SMS Commands
- Sprinkler's system allows for sending commands via SMS, which is independent of internet connectivity.
- The command is sent to an SMS center, which then sends it to the designated house.
- Users can use any phone number starting with any digits, regardless of the country.
- Sprinkler has international clients, so their system accounts for different countries.
Recovering Deleted Materials
This section addresses a frequently encountered question regarding the recovery of deleted materials by course authors.
Recovering Deleted Materials
- If an author deletes a course material, it is possible to recover it by contacting support.
- Contact support at support@sprinkler.ru and provide your account address in the browser's address bar.
- It is helpful to remember or provide keywords related to the deleted material for easier retrieval.
- Data is stored for 30 days, so prompt action is recommended.
User Content and Course Statistics
This section explains how user-generated content and course statistics are managed in Sprinkler's system.
User Content and Course Statistics
- Users can upload educational materials and courses.
- Course statistics are tracked for individual users, providing insights into their progress.
Integration with Active Directory Federation Services (ADFS)
This section discusses integrating Sprinkler's system with ADFS for user authentication.
Integration with ADFS
- Integration with ADFS allows users to authenticate using their existing credentials from Active Directory.
- The integration supports protocols such as Active Directory Federation Services (ADFS) and OAuth.
Potential Issues with Microsoft Cloud Solutions
This section highlights potential issues that may arise when using Microsoft's cloud solutions for integration.
Potential Issues with Microsoft Cloud Solutions
- As Sprinkler's system is a cloud-based solution from Microsoft, there may be issues related to subscription renewal or purchasing.
- Care should be taken when dealing with subscription extensions or purchases.
External Expert Access to Project Functionality
This section addresses the question of providing external experts access to project functionality while restricting full access to all features.
External Expert Access to Project Functionality
- When working with projects, external experts can be granted limited access to specific functionalities.
- Users can be added to specific projects, allowing them access only to their assigned project.
- The user will see only their project
Using Integrations for Employee Training
In this section, the speaker discusses the use of integrations for employee training and offers to provide more information on various integration possibilities.
Integrating Sprinkler System with Training Services
- The speaker suggests leaving a request to be contacted by specialists who can provide information on integrating the Sprinkler system with different training services.
Book Giveaway
- As promised earlier, the speaker announces that Margarita Morozova will receive a book as a reward for asking the most interesting question during the session.
Providing Contact Information
- The speaker asks Margarita to provide her contact information so they can send her the book.
- Participants are encouraged to provide feedback through a QR code provided in the webinar chat.
Joining the Webinar Series and Requesting Topics
- Participants are invited to join the webinar series and submit topics of interest for future webinars.
Conclusion
The speaker thanks all participants for their active engagement and wishes them a productive day.