You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

  • Mission
    • NCSA
    • Security Group
  • Scope
    • It is for staff and compliments University staff policies
  • Responsibility
    • Staff
      • Follow this and related policies
        • University policies, ethics etc, other NCSA policies
      • Corporate with security, legal & regulatory investigations & audits
      • report incidents & violations
      • Follow NDAs and other agreements or contracts on projects 
      • Be truthful, no spoofing, falsifying data or destroying evidence
      • Notify of high risk or confidential data
      • Follow best practices and maintain updates
      • Attend awareness training
    • Security team
      • Protect
      • Uphold policies
      • guide & train
      • respect privacy
        • network monitoring
        • Cameras
        • investigations
        • vulnerability scanning, including passwords
  • Authority & Consequences
    • revoked accounts, privileges, taken off network, reported to HR
    • PA only has authority to speak with the public directly or the DO
  • Exceptions
  • Review & update
  • privacy
    • Privacy of users/ customer data
    • Privacy of others & snopping
  • Appropriate use of systems/accounts/services
    • authentication credentials
      • No sharing
      • no cleartext storage
      • no clear text email/xfer
    • hacking/exceeding authority
    • personal use and ethical consideration
      • Unviersity ethics office
      • not making money, inline with mission of the univeristy
    • screen locks on mobile devices, leaving office doors open
  • physical
    • Admin directorate
    • building managers implement university polciy
    • guests and tailgaiting
  • Service operation
    • BE aware of laws and privacy of users
    • follow network security policies
    • avoid local passwords
    • involve security in planning process
    • change control as appropriate
  • Equipment registered to you
    • taking home
    • surplus & wipe
    • ethical use
    • xfer equipment
  • data
    • Follow university policy
    • notify security
    • backup important
    • encryption on backup & mobile
    • approved thrid parties like box
  • Processes
    • employee exit
      • authorizations
      • keys
      • email lists
      • property return

 

  • No labels