
  • Mission & Purpose
    • NCSA
    • Security Group (can borrow from old)
    • Policy's purpose is to fulfill the missions through sound practice
  • Scope
    • It is for staff and complements University staff policies
  • Responsibility
    • Staff
      • Follow this and related policies
        • University policies, ethics, etc., other NCSA policies
        • Follow NDAs and other agreements or contracts on projects
      • Cooperate with security, legal & regulatory investigations & audits
        • Be truthful, no spoofing, falsifying data or destroying evidence
      • report incidents & violations
      • Attend awareness training
    • Security team (cyber only)
      • Protect networks and systems
      • Uphold policies
      • guide & train
    • Physical security
      • In admin group, under building managers
      • implement University policies regarding guests, scanning in, etc.
  • Policy
    • privacy
      • Privacy of user/customer data
      • Privacy of others & snooping
      • FOIA
      • Security team respects privacy
        • network monitoring
        • Cameras
        • investigations
        • vulnerability scanning, including passwords
    • Appropriate use of systems/accounts/services
      • authentication credentials
        • No sharing
        • no cleartext storage
        • no cleartext email/xfer
      • hacking/exceeding authority
        • includes violating permissions & impersonating others
        • using to attack others
      • personal use and ethical consideration
        • University ethics office
        • not making money, in line with mission of the university
    • Service operation
      • Be aware of laws and privacy of users
      • follow network security policies
      • involve security in planning process
      • change control as appropriate
      • production servers belong in a RAF room, see network zone policy
    • Equipment registered to you
      • Follow best practices and maintain updates, follow university policies
      • screen locks on mobile devices, leaving office doors open
      • taking home
      • Done with it, broken or lost
        • surplus & wipe
        • xfer equipment
      • ethical use
      • Personal equipment implications
    • Information/Data
      • Follow university policy
        • includes printed materials and physical locks
      • Notify of high risk or confidential data
      • backup important
      • encryption on backup & mobile
      • approved third parties like Box
    • employee exit
      • authorizations
      • keys
      • email lists
      • property return
  • Authority & Consequences
    • revoked accounts, privileges, taken off network, reported to HR
    • PA only has authority to speak with the public directly or the DO
  • Exceptions process
  • Review & update
  • References

 
