Versions Compared

Old Version 81

changes.mady.by.user Alexander Withers

Saved on

compared with

New Version Current

changes.mady.by.user Jacob Gallion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel

Document Name: NCSA Information Security Policy
Version: 2 2.0.32
Accountable: Alex Withers James Eyrich
Authors: Adam Slagell, Alex Withers

Reviewed: August 22, 2023
Approved: Oct. 4, 2019August 24,2023 by IIB

Table of Contents
outlinetrue

...

Reputational systems and services are run out of the Integrated Cyberinfrastructure (ICI) Directorate, which includes the Security Office. The ICI division leads meet regularly and with other stakeholders on the NCSA Information Internal Infrastructure Board to provide the best services possible for our workforce members, users and partners. However, there are many R&D projects that run their own internal services less formally. Regardless, operators of any service still have obligations and need to be aware of NCSA/UIUC policies and procedures.

Raised access floor (RAF) space is provided for servers at NCSA. Based on the needs of the project and costs, servers could be placed in either the main data center at NPCF or one of the smaller RAF spaces in the NCSA building. The Information Internal Infrastructure Board works with PIs (Principal Investigators) to find the appropriate space. 

...

NCSA accounts may or may not be deactivated, depending on the role the person maintains with the Center. However, if they are departing staff, they must be removed from all staff groups in NCSA authorization systems and staff email lists. They will also be removed from any other NCSA email lists unless the list owner actively approves of their continued membership.

Security Controls

Additionally, departing staff must acknowledge the NCSA Acceptable Use Policy, which includes a confidentiality agreement for workforce members with access to sensitive data, to ensure employees are reminded of their obligation to not discuss sensitive information after employment.

Security Controls

NCSA prescribes security controls consummate with the risk NCSA prescribes security controls consummate with the risk level of the information systems.  Current controls are in place to prevent, detect, contain, respond to, and/or otherwise recover from security incidents. These controls are found in the following security policy documents:

...

The Advanced Computational Health Enclave (ACHE) is a special environment with restricted physical and electronic access at NCSA. All Sensitive data including all electronic Protected Health Information (ePHI) and Controlled Unclassified Information (CUI) processed or stored at NCSA is done within this environment.

All NCSA workforce members who need access to this environment or who may come in contact with ePHI during day-to-day operations or an emergency are designated as a part of the NCSA Health Care Component (NHCC) of the University of Illinois Covered Entity. All NCSA workforce members who need access to this environment or who may come in contact with CUI during day-to-day operations or an emergency are designated as a part of the NCSA Staff with ACHE Access group.

All workforce members in the Covered Entity workforce members in the covered entity must take the official UofI HIPAA training annually, and all workforce members in the NCSA Staff with ACHE Access group must take CUI training. If they use laptops to access these systems, the devices must utilize full disk encryption. All laptops and workstations they use for this work must also employ password protected screen savers that automatically lock after a period of inactivity.

...

This policy is reviewed annually by the Security Office. Feedback is solicited from the Information Internal Infrastructure Board for any recommended changes. New versions are approved by the NCSA Director's Office.

...

Policies, standards, guidelines, and procedures developed by the NCSA Security Office are linked to from https://wiki.ncsa.illinois.edu/display/cybersec/Policies+and+Procedures

...

Children Display
alltrue
pagePolicies and Procedures

...

Other Resources

  1. University of Illinois Ethics Office (www.ethics.uillinois.edu)
  2. Illinois Freedom of Information Act (www.uillinois.edu/foia)