Security Awareness http security nsu edu Norfolk State

Security Awareness http: //security. nsu. edu Norfolk State University Policies

Security Awareness: Policies NSU policies are available from: http: //www. nsu. edu/policies Policy 60. 201: Acceptable Use of Technology Resources Policy 62. 002: Computer Systems Passwords http: //www. nsu. edu/oit/policies Policy 61. 002: Electronic Data Privacy and Ownership Policy 62. 001: Continuity of Operations Disaster Recovery Plan http: //www. nsu. edu/forms Resource Authorization Request / OIT Request Form & Information Security Access Agreement

Security Awareness: Policies Policy 60. 201: Acceptable Use of Technology Resources Describes standards for using the University resources. States that activities can be monitored. States what types of use or access are authorized or not authorized. Examples: material covered by law not permitted obscene, inflammatory, or objectionable not permitted Do not allow access to unauthorized persons equipment removal external equipment downloading and causing too much traffic

Security Awareness: Policies Policy 60. 201 (Continued) Privacy (or rather, no expectation of) Commonwealth policy Electronic communications can be forwarded without users knowledge Viewed or downloaded material/information University is not responsible Use caution Protect NSU assets

Security Awareness: Policies Policy 60. 201 (Continued) User Responsibilities include (some, not all): You represent NSU Operate in an ethical manner Maintain security use for approved purposes Respect

Security Awareness: Policies Policy 60. 201 (Continued) Network Accounts used for university business maintain privacy and security of account information Some Prohibited items are: logging onto more than one computer sharing passwords introducing Virsuses, worms permitting unauthorized persons access

Security Awareness: Policies Policy 60. 201 (Continued) University records email is for delivery up to users to deem what is retained or archived Violations will be handled According to state policy According to Vice President or designee Interpretation is according to the VP of Research and Technology

Security Awareness: Policies Policy 62. 002: Computer Systems Passwords Guidelines Used to access network, email, etc… Creation: complex, not easy to guess (dog, son, car, etc. . ) At least 8 characters Mix upper & lower case letters, numbers and special characters Not a word or name

Security Awareness: Policies Policy 62. 002: (Continued) Protection: change IFAS/Data. Tel pw every 30 days change network pw every 12 months use a passphrase do not write it down Do not use it on non-NSU systes Do not share it Treat as confidential

Security Awareness: Policies Policy 62. 002: (Continued) Assessment Random assessments of passwords Violations handled according to VP

Security Awareness: Policies Policy 61. 002: Electronic Data Privacy and Ownership It is everyone’s responsibility to protect and maintain university data Any data required to conduct university business and operation Public use data for public use Internal use not available to anyone outside the university Highly sensitive data is data based on legal specifications, law, or any other data that needs to be protected Protect data for those that conduct business with the university

Security Awareness: Policies Policy 61. 002: (Continued) Authorized use Limit Access Safeguard SSN Departments are responsible for reviewing and monitoring internal policies Exercise caution and care

Security Awareness: Policies Policy 62. 001: Continuity of Operations Disaster Recovery Plan Password protected to ensure security Describes the procedures for restoring operation in the event of disaster as soon as possible Contains possible scenarios Contains list of servers and network equipment and the type of equipment each is If restoration is needed, the order of restoration is included

Security Awareness: Policies Policy 62. 001: (Continued) Management Team makes decisions and directs recovery Damage Assessment Team determine extent of damage Recovery Team determine assets needed conduct recovery Contact information for team members, contractors and vendors

Security Awareness: Policies Policy 62. 001: (Continued) Backup procedures Risk Assessment and planning Restoration procedures

Security Awareness: Policies Resource Authorization Request / OIT Request Form & Information Security Access Agreement All users must have one Agreement with university to abide by policies, laws and procedures New users use this to get accounts for necessary access Get access to additional resources Needs supervisor signature