1 / 16

Security Awareness security.nsu

Security Awareness http://security.nsu.edu. Norfolk State University Policies. Security Awareness: Policies. NSU policies are available from: http://www.nsu.edu/policies Policy 60.201: Acceptable Use of Technology Resources Policy 62.002: Computer Systems Passwords

Download Presentation

Security Awareness security.nsu

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Awarenesshttp://security.nsu.edu Norfolk State University Policies

  2. Security Awareness:Policies • NSU policies are available from: • http://www.nsu.edu/policies • Policy 60.201: Acceptable Use of Technology Resources • Policy 62.002: Computer Systems Passwords • http://www.nsu.edu/oit/policies • Policy 61.002: Electronic Data Privacy and Ownership • Policy 62.001: Continuity of Operations Disaster Recovery Plan • http://www.nsu.edu/forms • Resource Authorization Request / OIT Request Form & Information Security Access Agreement

  3. Security Awareness:Policies • Policy 60.201: Acceptable Use of Technology Resources • Describes standards for using the University resources. • States that activities can be monitored. • States what types of use or access are authorized or not authorized. • Examples: • material covered by law not permitted • obscene, inflammatory, or objectionable not permitted • Do not allow access to unauthorized persons • equipment removal • external equipment • downloading and causing too much traffic

  4. Security Awareness:Policies • Policy 60.201 (Continued) • Privacy (or rather, no expectation of) • Commonwealth policy • Electronic communications can be forwarded without users knowledge • Viewed or downloaded material/information • University is not responsible • Use caution • Protect NSU assets

  5. Security Awareness:Policies • Policy 60.201 (Continued) • User Responsibilities include (some, not all): • You represent NSU • Operate in an ethical manner • Maintain security • use for approved purposes • Respect

  6. Security Awareness:Policies • Policy 60.201 (Continued) • Network Accounts • used for university business • maintain privacy and security of account information • Some Prohibited items are: • logging onto more than one computer • sharing passwords • introducing Virsuses, worms • permitting unauthorized persons access

  7. Security Awareness:Policies • Policy 60.201 (Continued) • University records • email is for delivery • up to users to deem what is retained or archived • Violations will be handled • According to state policy • According to Vice President or designee • Interpretation is according to the VP of Research and Technology

  8. Security Awareness:Policies • Policy 62.002: Computer Systems Passwords • Guidelines • Used to access network, email, etc… • Creation: • complex, not easy to guess (dog, son, car, etc..) • At least 8 characters • Mix upper & lower case letters, numbers and special characters • Not a word or name

  9. Security Awareness:Policies • Policy 62.002: (Continued) • Protection: • change IFAS/DataTel pw every 30 days • change network pw every 12 months • use a passphrase • do not write it down • Do not use it on non-NSU systes • Do not share it • Treat as confidential

  10. Security Awareness:Policies • Policy 62.002: (Continued) • Assessment • Random assessments of passwords • Violations handled according to VP

  11. Security Awareness:Policies • Policy 61.002: Electronic Data Privacy and Ownership • It is everyone’s responsibility to protect and maintain university data • Any data required to conduct university business and operation • Public use data for public use • Internal use not available to anyone outside the university • Highly sensitive data is data based on legal specifications, law, or any other data that needs to be protected • Protect data for those that conduct business with the university

  12. Security Awareness:Policies • Policy 61.002: (Continued) • Authorized use • Limit Access • Safeguard SSN • Departments are responsible for reviewing and monitoring internal policies • Exercise caution and care

  13. Security Awareness:Policies • Policy 62.001: Continuity of Operations Disaster Recovery Plan • Password protected to ensure security • Describes the procedures for restoring operation in the event of disaster as soon as possible • Contains possible scenarios • Contains list of servers and network equipment and the type of equipment each is • If restoration is needed, the order of restoration is included

  14. Security Awareness:Policies • Policy 62.001: (Continued) • Management Team • makes decisions and directs recovery • Damage Assessment Team • determine extent of damage • Recovery Team • determine assets needed • conduct recovery • Contact information for team members, contractors and vendors

  15. Security Awareness:Policies • Policy 62.001: (Continued) • Backup procedures • Risk Assessment and planning • Restoration procedures

  16. Security Awareness:Policies • Resource Authorization Request / OIT Request Form & Information Security Access Agreement • All users must have one • Agreement with university to abide by policies, laws and procedures • New users use this to get accounts for necessary access • Get access to additional resources • Needs supervisor signature

More Related