...
The University and the NCSA respect the privacy of its staff and customers. However, staff and NCSA users both must both be aware that there are systems in place that actively monitor for indicators of compromise and record logs to support the IT infrastructure at NCSA. For example, NCSA monitors its networks in realtime for security and performance issues; shared systems record logs to a centralized log server; vulnerability scanners regularly scan systems and credentials for weaknesses; and High Performance Computers (HPCs) may record all interactions on the command line, though not without appropriate warning to users. These systems can therefore see all unencrypted traffic as well as laptop/workstation backups if encryption is not utilized.
...
"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."
The privacy of other staff and stakeholders must also be respected, and unauthorized snooping of traffic or communications of fellow staff is a serious offense that will be reported to HR or a guest's sponsor. This includes unauthorized video and audio recording as well as network traffic recording or any means of superseding ones authorizations to look at digital files they should not access. Some types of unauthorized recording are a criminal offence in Illinois and could also be reported to the authorities.
...
Those who self-manage systems on NCSA networks are responsible for following security best practices and keeping their systems up-to-date. They must follow all University policies regarding anti-virus software, firewalls, and other security software. The Security Office will help keep staff stakeholders aware of these policies and best practices.
...
NCSA equipment that is lost or stolen must be reported to one's manager/sponsor and Shipping & Receiving. If it held high risk data as defined in University Policy, its loss must also be reported to the NCSA Security Office.
NCSA equipment with Blue inventory tags must be returned to Shipping & Receiving when no longer needed. It must not be disposed of personally, even if broken. From there, equipment will be securely wiped clean and either repurposed at NCSA, or sent to campus Surplussurplus.
Finally, personal equipment that is used on NCSA networks will still be monitored and must follow the NCSA Network Security Policy. Personal equipment must never be used to store high risk data for the University.
...
The University has three categories in our its Data Classification Policy: High Risk, Confidential, and Public. Stakeholders must follow University policies regarding these classifications and also inform the NCSA Security Office if they are in possession of any high risk data as this will require a data management plan.
University data that lives exclusively on a laptop, workstation or other device must be backed up regularly or moved to shared service that is backed up, like a wiki or file server. NCSA provides a backup service to all faculty and staff with an appointment and will help to configure its use on their systems.
...
This policy is reviewed annually by the Security Office. Feedback is solicited from the Information Infrastructure Board for any recommended changes. New versions are approved by the NCSA Director's Office.
Questions
Questions regarding this policy or its implications can be sent to the Security Office (security@ncsa.illinois.edu) or the NCSA Help Desk (help@ncsa.illinois.edu).
References
University Security & Privacy Policies
...