Security Awareness Norfolk State University Policies.
-
Upload
britton-day -
Category
Documents
-
view
218 -
download
2
Transcript of Security Awareness Norfolk State University Policies.
Security AwarenessSecurity Awarenesshttp://security.nsu.edu
Norfolk State UniversityPolicies
Security Awareness:Security Awareness:PoliciesPolicies
NSU policies are available from:http://www.nsu.edu/policies
Policy 60.201: Acceptable Use of Technology ResourcesPolicy 62.002: Computer Systems Passwords
http://www.nsu.edu/oit/policiesPolicy 61.002: Electronic Data Privacy and OwnershipPolicy 62.001: Continuity of Operations Disaster Recovery Plan
http://www.nsu.edu/formsResource Authorization Request / OIT Request Form & Information Security Access Agreement
Security Awareness:Security Awareness:PoliciesPolicies
Policy 60.201: Acceptable Use of Technology Resources
Describes standards for using the University resources.States that activities can be monitored.States what types of use or access are authorized or not authorized.
Examples:material covered by law not permittedobscene, inflammatory, or objectionable not permittedDo not allow access to unauthorized personsequipment removalexternal equipmentdownloading and causing too much traffic
Security Awareness:Security Awareness:PoliciesPolicies
Policy 60.201 (Continued)Privacy (or rather, no expectation of)
Commonwealth policyElectronic communications can be forwarded without users knowledge
Viewed or downloaded material/information
University is not responsibleUse cautionProtect NSU assets
Security Awareness:Security Awareness:PoliciesPolicies
Policy 60.201 (Continued)User Responsibilities include (some, not all):
You represent NSUOperate in an ethical mannerMaintain securityuse for approved purposesRespect
Security Awareness:Security Awareness:PoliciesPolicies
Policy 60.201 (Continued)Network Accounts
used for university businessmaintain privacy and security of account informationSome Prohibited items are:
logging onto more than one computersharing passwordsintroducing Virsuses, wormspermitting unauthorized persons access
Security Awareness:Security Awareness:PoliciesPolicies
Policy 60.201 (Continued)University records
email is for deliveryup to users to deem what is retained or archived
Violations will be handledAccording to state policyAccording to Vice President or designee
Interpretation is according to the VP of Research and Technology
Security Awareness:Security Awareness:PoliciesPolicies
Policy 62.002: Computer Systems Passwords
GuidelinesUsed to access network, email, etc…Creation:
complex, not easy to guess (dog, son, car, etc..)At least 8 charactersMix upper & lower case letters, numbers and special charactersNot a word or name
Security Awareness:Security Awareness:PoliciesPolicies
Policy 62.002: (Continued)Protection:
change IFAS/DataTel pw every 30 dayschange network pw every 12 monthsuse a passphrasedo not write it downDo not use it on non-NSU systesDo not share itTreat as confidential
Security Awareness:Security Awareness:PoliciesPolicies
Policy 62.002: (Continued)Assessment
Random assessments of passwords
Violations handled according to VP
Security Awareness:Security Awareness:PoliciesPolicies
Policy 61.002: Electronic Data Privacy and Ownership
It is everyone’s responsibility to protect and maintain university dataAny data required to conduct university business and operation
Public use data for public useInternal use not available to anyone outside the universityHighly sensitive data is data based on legal specifications, law, or any other data that needs to be protected
Protect data for those that conduct business with the university
Security Awareness:Security Awareness:PoliciesPolicies
Policy 61.002: (Continued)Authorized useLimit AccessSafeguard SSNDepartments are responsible for reviewing and monitoring internal policiesExercise caution and care
Security Awareness:Security Awareness:PoliciesPolicies
Policy 62.001: Continuity of Operations Disaster Recovery Plan
Password protected to ensure securityDescribes the procedures for restoring operation in the event of disaster as soon as possibleContains possible scenariosContains list of servers and network equipment and the type of equipment each isIf restoration is needed, the order of restoration is included
Security Awareness:Security Awareness:PoliciesPolicies
Policy 62.001: (Continued)Management Team
makes decisions and directs recovery
Damage Assessment Teamdetermine extent of damage
Recovery Teamdetermine assets neededconduct recovery
Contact information for team members, contractors and vendors
Security Awareness:Security Awareness:PoliciesPolicies
Policy 62.001: (Continued)Backup proceduresRisk Assessment and planningRestoration procedures
Security Awareness:Security Awareness:PoliciesPolicies
Resource Authorization Request / OIT Request Form & Information Security Access Agreement
All users must have oneAgreement with university to abide by policies, laws and proceduresNew users use this to get accounts for necessary accessGet access to additional resourcesNeeds supervisor signature