Versions Compared

Old Version 22

changes.mady.by.user Adam Slagell

Saved on

compared with

New Version 23

changes.mady.by.user Adam Slagell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Finally, the Security Office must be involved early on when developing proposals that will place new infrastructure at NCSA. This is because special requirements could require extra planning by security staff or even have extra costs that must be accounted for in the proposal. For example, having personal health information could require clearance with the University or special environments to be setup, and bringing new WAN links could incur extra costs or planning for monitoring NCSA networks.

Registered Equipment Use

Most full-time employees have laptops, workstations or other computer equipment assigned to them, for which they are responsible. This includes the physical and cyber security of these devices.

For the cyber-protection of equipment, it is required that devices left unattended will lock within 5 minutes, requiring a password, passcode or biometric to access them. This is especially important of mobile devices, such as, tablets and laptops, but important for even workstations in shared office or unsecured spaces. Even personal devices, if used for university business, must use such timed lockouts. For example, a mobile phone that is setup to use University email must have a passcode or biometric enabled.

Staff that manage their own systems are responsible for following security best practices and keeping their systems up-to-date. They must follow all University policies regarding anti-virus software, firewalls, and other security software. Regular security training at NCSA will help keep staff aware of these policies and best practices.

Staff are usually allowed to take laptops home and some other equipment home, but this must be done with approval from their manager and registered with Shipping & Receiving. They are responsible for inventory and must be informed of equipment that leaves the office or any transfers of equipment to other staff. Such equipment must still have a business purpose if taken home, and staff are again advised to contact the Ethics Office with specific questions about personal use of University equipment.

Equipment that is lost or stolen must be reported to one's manager and Shipping & Receiving. If it held high risk data as defined in University Policy, its loss must also be reported to the Security Office.

Equipment with Blue inventory tags must be returned to Shipping & Receiving when no longer needed. It must not be disposed of personally, even if it is broken. From there, equipment will be securely wiped clean and either repurposed at NCSA, or sent to campus Surplus.

Finally, personal equipment that is used on NCSA networks will still be monitored and must follow the NCSA Network Security Policy. Personal equipment must never be used to store high risk data for the University.

  • PolicyPolicy
    Equipment registered to you
  • Follow best practices and maintain updates, follow university policies
  • screen locks on mobile devices, leaving office doors open
  • taking home
  • Done with it, broken or lost
    • surplus & wipe
    • xfer equipment
  • ethical use
    • Personal equipment implications
    • Information/Data
      • Follow university policy
        • includes printed materials and physical locks
      • Notify of high risk or confidential data
      • backup important
      • encryption on backup & mobile
      • approved third parties like box
    • employee exit
      • authorizations
      • keys
      • email lists
      • property return
  • Authority & Consequences
    • revoked accounts, privileges, taken off network, reported to HR
    • PA only has authority to speak with the public directly or the DO
  • Exceptions process
  • Review & update
  • References

...