Versions Compared

...

This policy does not cover physical securitybuilding security, though it covers the physical protection of electronic devices that store University data.

Responsibility

As security is a process, and not a technology, security is everyone's responsibility and requires cooperation, awareness and ownership by all parties. Therefore, not only does the Security Office hold responsibilities for protecting NCSA assets, but so do all staff.

...

NCSA staff are expected to corporate cooperate with security, legal and regulatory investigations or audits. This includes being truthful, not spoofing impersonating another person's identity, and never falsifying or destroying evidence.

...

In addition to this automated monitoring, manual investigations of security incidents or performance issues may require authorized staff to view traffic or files on NCSA networks and equipment.

Cameras record activity in public spaces in all buildings NCSA occupies for safety and security.

As State employees, staff need to be aware that anything they write using University systems, is potentially open to FOIA requests. This includes emails saved on University systems, printed records, and things written on wikis or other forums at the University. As such, it is recommended that staff have the following footer included on their University emails.

...

Production services are primarily run out of one of three directorates at NCSA: Advanced Digital Services (ADS), Information Technology Services (ITS), or Cybersecuritythe Security Office. These groups meet regular regularly and their leaders form the NCSA IT Operations Board who work together to provide the best services possible for our staff, users and partners. However, there are many R&D projects that run their own services less formally. These Principal Investigators (PIs and ), project managers their system operators still have obligations and need to be aware of NCSA/UIUC policies and procedures that affect operators of any service.

...

Finally, the Security Office must be involved early on when developing funding proposals that will place new infrastructure at NCSA. This is because special requirements could require extra planning by security staff or even have extra costs that must be accounted for in the proposal. For example, having storing personal health information could require clearance with the University or special environments to be setup, and bringing new WAN links could incur extra costs or planning for monitoring NCSA networks.
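Review bot: "special environments to be setup" uses the noun form where the verb is needed; it should read "to be set up". In the same sentence, "bringing new WAN links" would read more clearly as "bringing in new WAN links", since the cost and monitoring planning it describes applies to links added at NCSA.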

...

Staff that manage their own systems are responsible for following security best practices and keeping their systems up-to-date. They must follow all University policies regarding anti-virus software, firewalls, and other security software. Regular security training at NCSA The Security Office will help keep staff aware of these policies and best practices.

...

The University has three categories in their our Data Classification Policy: High Risk, Confidential, and Public. NCSA staff must follow University policies regarding these classifications and also inform the NCSA Security Office if they are in possession of any high risk data as this will require a data management plan.

...

Only University approved third-party cloud services are allowed for storing unencrypted high risk or confidential University data (this includes backups that may contain such data). Data must otherwise be . If not pre-approved, like Box.com, data must be locally encrypted before being put on the third-party services such that the cloud provider cannot read the contents of that dataservice. For example, syncing a password manager across a an unapproved cloud service like Dropbox is allowed, provided that it is always stored encrypted with a password known only to the user of the password manager.
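Review bot: in the sentence beginning "If not pre-approved, like Box.com," the placement of "like Box.com" leaves it unclear whether Box.com is an example of a pre-approved service or of one that is not, while the next sentence names Dropbox as unapproved. State the contrast explicitly, for example by putting the example service in parentheses directly after the word it illustrates. The general rule also requires only that data be "locally encrypted"; the condition that the key is "known only to the user" appears just in the password-manager example, so consider moving that condition into the rule itself so it covers backups and other data as well.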

...