  • Mission
    • NCSA
    • Security Group
  • Scope
    • It is for staff and complements University staff policies
  • Responsibility
    • Staff
      • Follow this and related policies
        • University policies, ethics etc, other NCSA policies
        • Follow NDAs and other agreements or contracts on projects 
      • Cooperate with security, legal & regulatory investigations & audits
      • report incidents & violations
      • Follow NDAs and other agreements or contracts on projects 
        • Be truthful, no spoofing, falsifying data or destroying evidence
      • Notify of high risk or confidential data
      • Follow best practices and maintain updates
      • report incidents & violations
      • Attend awareness training
    • Security team (cyber only)
      • Protect networks and systems
      • Uphold policies
      • guide & train
    • Physical security
      • In admin group, under building managers
      • implement University policies regarding guests, scanning in, etc.
      • respect privacy
      • network monitoring
      • Cameras
      • investigations
      • vulnerability scanning, including passwords
  • Authority & Consequences
    • revoked accounts, privileges, taken off network, reported to HR
    • PA only has authority to speak with the public directly or the DO
  • Exceptions process
  • Review & update
  • Policy
    • privacy
      • Privacy of users/ customer data
      • Privacy of others & snooping
      • Security team respects privacy
        • network monitoring
        • Cameras
        • investigations
        • vulnerability scanning, including passwords
    • Appropriate use of systems/accounts/services
    • Admin directorate
    • building managers implement
      • authentication credentials
        • No sharing
        • no cleartext storage
        • no clear text email/xfer
      • hacking/exceeding authority
        • includes violating permissions & impersonating others
      • personal use and ethical consideration
          • University ethics office
          • not making money, in line with mission of the university
      • screen locks on mobile devices, leaving office doors open
      physical
          • university policy
          • guests and tailgating
      • Service operation
        • Be aware of laws and privacy of users
        • follow network security policies
        avoid local passwords
        • involve security in planning process
        • change control as appropriate
      • Equipment registered to you
        • Follow best practices and maintain updates, follow university policies
        • screen locks on mobile devices, leaving office doors open
        • taking home
        • Done with it
          • surplus & wipe
          • xfer equipment
        • ethical use
      • xfer equipment
      data
      • Information/Data
        • Follow university policy
        notify security
          • includes printed materials and physical locks
        • Notify of high risk or confidential data
        • backup important
        • encryption on backup & mobile
        • approved third parties like box
      Processes
      • employee exit
        • authorizations
        • keys
        • email lists
        • property return

    ...