Mission & Purpose

The National Center for Supercomputing Applications (NCSA) is an interdisciplinary hub at the University of Illinois at Urbana-Champaign, which serves the computational needs of the nation's scientists and engineers through the cyberinfrastructure (hardware, software, & services) they develop and support.

The NCSA Security Office supports the mission of the center by assuring the confidentiality, integrity and availability of the center's digital assets and resources and those of its partners. This is achieved through its monitoring, incident response, proactive security design, education, and awareness activities at the center and with its collaborators.

This policy document supports these missions by promoting sound practices for securing digital assets by educating users on their responsibilities and authorized procedures and processes at NCSA.

Scope

This policy is applicable to all University faculty & staff with appointments at NCSA, and compliments other NCSA and UIUC security policies (e.g. the NCSA Network Security Policy and UIUC Information Security Policy). Links to these and other security policies can be found in the reference section of this document.

• Scope
  
  • It is for staff and compliments University staff policies
• Responsibility
  • Staff
    • Follow this and related policies
      • University policies, ethics etc, other NCSA policies
      • Follow NDAs and other agreements or contracts on projects 
    • Corporate with security, legal & regulatory investigations & audits
      • Be truthful, no spoofing, falsifying data or destroying evidence
    • report incidents & violations
    • Attend awareness training
  • Security team (cyber only)
    • Protect networks and systems
    • Uphold policies
    • guide & train
  • Physical security
    • In admin group, under building managers
    • implement University policies regarding guests, scanning in, etc.
• Policy
  • privacy
    • Privacy of users/ customer data
    • Privacy of others & snooping
    • FOIA
    • Security team respects privacy
      • network monitoring
      • Cameras
      • investigations
      • vulnerability scanning, including passwords
  • Appropriate use of systems/accounts/services
    
    • authentication credentials
      • No sharing
      • no cleartext storage
      • no clear text email/xfer
    • hacking/exceeding authority
      • includes violating permissions & impersonating others
      • using to attack others
    • personal use and ethical consideration
      • University ethics office
      • not making money, inline with mission of the university
  • Service operation
    • BE aware of laws and privacy of users
    • follow network security policies
    • involve security in planning process
    • change control as appropriate
    • production servers belong in a RAF room, see network zone policy
  • Equipment registered to you
    • Follow best practices and maintain updates, follow university policies
    • screen locks on mobile devices, leaving office doors open
    • taking home
    • Done with it, broken or lost
      • surplus & wipe
      • xfer equipment
    • ethical use
    • Personal equipment implications
  • Information/Data
    
    • Follow university policy
      • includes printed materials and physical locks
    • Notify of high risk or confidential data
    • backup important
    • encryption on backup & mobile
    • approved third parties like box
  • employee exit
    • authorizations
    • keys
    • email lists
    • property return
• Authority & Consequences
  • revoked accounts, privileges, taken off network, reported to HR
  • PA only has authority to speak with the public directly or the DO
• Exceptions process
• Review & update
• References