 -
Policies
PowerPoint
Security Awareness ~ Policies
NSU Policies
- NSU policies are available from:
Policy 60.201: Acceptable Use of Technology Resources
- Describes standards for using the University resources.
- States that activities can be monitored.
- States what types of use or access are authorized or not authorized.
- Examples
- material covered by law not permitted
- obscene, inflammatory, or objectionable not permitted
- Do not allow access to unauthorized persons
- equipment removal
- external equipment
- downloading and causing too much traffic
- Privacy (or rather, no expectation of)
- Commonwealth policy
- Electronic communications can be forwarded without users
knowledge
- Viewed or downloaded material/information
- University is not responsible
- Use caution
- Protect NSU assets
- User Responsibilities include (some, not all):
- You represent NSU
- Operate in an ethical manner
- Maintain security
- use for approved purposes
- Respect
- Network Accounts
- used for university business
- maintain privacy and security of account information
- Some Prohibited items are:
- logging onto more than one computer
- sharing passwords
- introducing Virsuses, worms
- permitting unauthorized persons access
- University records
- email is for delivery
- up to users to deem what is retained or archived
- Violations will be handled
- According to state policy
- According to Vice President or designee
- Interpretation is according to the VP of Research and
Technology
Policy 60.202: Computer Systems Passwords
- Policy 62.002: Computer Systems
Passwords
- Guidelines
- Used to access network, email, etc…
- Creation:
- complex, not easy to guess (dog, son, car, etc..)
- At least 8 characters
- Mix upper & lower case letters, numbers and special
characters
- Not a word or name
- Protection:
- change IFAS/DataTel pw every 30 days
- change network pw every 12 months
- use a passphrase
- do not write it down
- Do not use it on non-NSU systems
- Do not share it
- Treat as confidential
- Assessment
- Random assessments of passwords
- Violations handled according to VP
- Authorized use
- Limit Access
- Safeguard SSN
- Departments are responsible for reviewing and monitoring
internal policies
- Exercise caution and care
Policy 62.001: Continuity of Operations Disaster Recovery Plan
- Policy 62.001: Continuity of Operations Disaster Recovery Plan
- Password protected to ensure security
- Describes the procedures for restoring operation in the event of disaster as
soon as possible
- Contains possible scenarios
- Contains list of servers and network equipment and the type of equipment each is
- If restoration is needed, the order of restoration is included
- Management Team
- makes decisions and directs recovery
- Damage Assessment Team
- determine extent of damage
- Recovery Team
- determine assets needed
- conduct recovery
- Contact information for team members, contractors and vendors
- Backup Procedures
- Risk Assessment and Planning
- Restoration procedures
Policy 62.001: Continuity of Operations Disaster Recovery Plan
- Resource Authorization Request /
OIT Request Form & Information Security Access Agreement
- All users must have one
- Agreement with university to abide by policies, laws and
procedures
- New users use this to get accounts for necessary access
- Get access to additional resources
- Needs supervisor signature
|
