...

Faculty and staff have a responsibility to follow the security policies and procedures of NCSA, UIUC and the State of Illinois. That includes this policy, but also the applicable policies referenced at the end of this document. Staff associated with some projects and activities may also have additional responsibilities, for example, from non-disclosure agreements that put additional restrictions on data sharing via our contracts with vendors or industrial partners.

 

...

  • University policies, ethics etc, other NCSA policies
  • Follow NDAs and other agreements or contracts on projects 

...

NCSA staff are expected to cooperate with security, legal and regulatory investigations or audits. This includes being truthful, not spoofing another person's identity, and never falsifying or destroying evidence.

It is the responsibility of all staff to report security incidents or violations of these policies to the Security Office. Similarly, it is everyone's responsibility to promptly report a suspected compromise of their systems or credentials so that abuse can be prevented as early as possible.

Finally, NCSA staff must attend a security training or watch recorded materials within the first 90 days of employment, and again if the Security Office announces major updates to the training program. This is important not only to keep up to date with changing policies and procedures, but also because best practices and security threats change over time.

 

...

  • Policy
    • privacy
      • Privacy of users/customer data
      • Privacy of others & snooping
      • FOIA
      • Security team respects privacy
        • network monitoring
        • Cameras
        • investigations
        • vulnerability scanning, including passwords
    • Appropriate use of systems/accounts/services
      • authentication credentials
        • No sharing
        • no cleartext storage
        • no clear text email/xfer
      • hacking/exceeding authority
        • includes violating permissions & impersonating others
        • using to attack others
      • personal use and ethical consideration
        • University ethics office
        • not making money, in line with mission of the university
    • Service operation
      • Be aware of laws and privacy of users
      • follow network security policies
      • involve security in planning process
      • change control as appropriate
      • production servers belong in a RAF room, see network zone policy
    • Equipment registered to you
      • Follow best practices and maintain updates, follow university policies
      • screen locks on mobile devices, leaving office doors open
      • taking home
      • Done with it, broken or lost
        • surplus & wipe
        • xfer equipment
      • ethical use
      • Personal equipment implications
    • Information/Data
      • Follow university policy
        • includes printed materials and physical locks
      • Notify of high risk or confidential data
      • backup important
      • encryption on backup & mobile
      • approved third parties like box
    • employee exit
      • authorizations
      • keys
      • email lists
      • property return
  • Authority & Consequences
    • revoked accounts, privileges, taken off network, reported to HR
    • PA only has authority to speak with the public directly or the DO
  • Exceptions process
  • Review & update
  • References

...