- Mission
- Scope
- It is for staff and compliments University staff policies
- Responsibility
- Staff
- Follow this and related policies
- University policies, ethics etc, other NCSA policies
- Follow NDAs and other agreements or contracts on projects
- Corporate with security, legal & regulatory investigations & audits
- Be truthful, no spoofing, falsifying data or destroying evidence
- report incidents & violations
- Attend awareness training
- Security team (cyber only)
- Protect networks and systems
- Uphold policies
- guide & train
- Physical security
- In admin group, under building managers
- implement University policies regarding guests, scanning in, etc.
- Authority & Consequences
- revoked accounts, privileges, taken off network, reported to HR
- PA only has authority to speak with the public directly or the DO
- Exceptions process
- Review & update
- Policy
- privacy
- Privacy of users/ customer data
- Privacy of others & snooping
- Security team respects privacy
- network monitoring
- Cameras
- investigations
- vulnerability scanning, including passwords
- Appropriate use of systems/accounts/services
- authentication credentials
- No sharing
- no cleartext storage
- no clear text email/xfer
- hacking/exceeding authority
- includes violating permissions & impersonating others
- personal use and ethical consideration
- University ethics office
- not making money, inline with mission of the university
- Service operation
- BE aware of laws and privacy of users
- follow network security policies
- involve security in planning process
- change control as appropriate
- Equipment registered to you
- Follow best practices and maintain updates, follow university policies
- screen locks on mobile devices, leaving office doors open
- taking home
- Done with it
- surplus & wipe
- xfer equipment
- ethical use
- Information/Data
- Follow university policy
- includes printed materials and physical locks
- Notify of high risk or confidential data
- backup important
- encryption on backup & mobile
- approved third parties like box
- employee exit
- authorizations
- keys
- email lists
- property return