- Mission & Purpose
- NCSA
- Security Group (can borrow from old)
- Policy's purpose is to fulfill the missions through sound practice
- Scope
- It is for staff and complements University staff policies
- Responsibility
- Staff
- Follow this and related policies
- University policies, ethics etc, other NCSA policies
- Follow NDAs and other agreements or contracts on projects
- Cooperate with security, legal & regulatory investigations & audits
- Be truthful, no spoofing, falsifying data or destroying evidence
- report incidents & violations
- Attend awareness training
- Security team (cyber only)
- Protect networks and systems
- Uphold policies
- guide & train
- Physical security
- In admin group, under building managers
- implement University policies regarding guests, scanning in, etc.
- Policy
- privacy
- Privacy of users/customer data
- Privacy of others & snooping
- FOIA
- Security team respects privacy
- network monitoring
- Cameras
- investigations
- vulnerability scanning, including passwords
- Appropriate use of systems/accounts/services
- authentication credentials
- No sharing
- no cleartext storage
- no cleartext email/xfer
- hacking/exceeding authority
- includes violating permissions & impersonating others
- using to attack others
- personal use and ethical consideration
- University ethics office
- not making money, in line with mission of the university
- Service operation
- Be aware of laws and privacy of users
- follow network security policies
- involve security in planning process
- change control as appropriate
- production servers belong in a RAF room, see network zone policy
- Equipment registered to you
- Follow best practices and maintain updates, follow university policies
- screen locks on mobile devices, leaving office doors open
- taking home
- Done with it, broken or lost
- surplus & wipe
- xfer equipment
- ethical use
- Personal equipment implications
- Information/Data
- Follow university policy
- includes printed materials and physical locks
- Notify of high risk or confidential data
- backup important
- encryption on backup & mobile
- approved third parties like box
- employee exit
- authorizations
- keys
- email lists
- property return
- Authority & Consequences
- revoked accounts, privileges, taken off network, reported to HR
- PA only has authority to speak with the public directly or the DO
- Exceptions process
- Review & update
- References
...