...
| Table of Contents | ||
|---|---|---|
|
...
Mission & Purpose
The National Center for Supercomputing Applications (NCSA) is an interdisciplinary hub at the University of Illinois at Urbana-Champaign, which serves the computational needs of the nation's scientists and engineers through the cyberinfrastructure (hardware, software, & services) they develop and support.
...
This policy document supports these missions by promoting sound practices for securing digital assets by educating users on their responsibilities and authorized procedures and processes at NCSA.
...
Scope
This policy is applicable to all University faculty & staff with appointments at NCSA, and compliments other NCSA and UIUC security policies (e.g. the NCSA Network Security Policy and UIUC Information Security Policy). Links to these and other security policies can be found in the reference section of this document.
This policy does not cover physical security. Physical security is the responsibility of the building managers for each building NCSA occupies. These persons are in the Admin Directorate, separate from the Security Office, and are responsible for implementing University policies regarding visitors, cameras, key and key card management, safety systems, etc. Where appropriate, they work with the Security Office to fulfill security requirements.
...
Responsibility
As security is a process, and not a technology, security is everyone's responsibility and requires cooperation, awareness and ownership by all parties. Therefore, not only does the Security Office hold responsibilities for protecting NCSA assets, but so do all staff.
...
Finally, NCSA staff must attend a security training or watch recorded materials within the first 90 days of employment, and again if the Security Office announces major updates to the training program. This is important not only to keep up-to-date with changing policies and procedures, but best practices and security threats change over time.
...
Policy
Privacy Expectations
The University and the NCSA respect the privacy of its staff and customers. However, staff and NCSA users must both be aware that there are systems in place that actively monitor for indicators of compromise and record logs that support the IT infrastructure at NCSA. For example, the NCSA monitors its networks in realtime for security and performance issues; shared systems record logs to a centralized log server; vulnerability scanners regularly scan systems and credentials for weaknesses; and High Performance Computers (HPCs) may record all interactions on the command line, though not without appropriate warning to users. These systems can therefore see all unencrypted traffic as well as laptop/workstation backups if encryption is not utilized.
...