|
|||
|
Index: - Passwords - Workstation Security - Security Zones - Confidential Information - Backup of Data - Code of Responsiblity - Release of information - Ethical Conduct - Servers and Server Applications - Data Transmissions - Remote Access Services - Employee Termination - WWU User Security Information - Work@ home - Disaster and Pandemic Preparation |
|||
| Passwords | |||
| Passwords are possibly the most important component of user security - safeguard them. | |||
| Don’t post where others can see it. | |||
| Choose a password that is hard for someone or a hacker to figure out. | |||
| - Should be at least 8 characters. - Include at least one number or special character - Use only the following special characters (% _ , .) - Do not include words. |
|||
| Change regularly. | |||
| Never give a password to anyone; not even computer services technicians. | |||
| Banner Password Changing | |||
| Workstation Security | |||
| Always use a password protected screen saver if workstation contains protected data or has access to protected data. Set the idle time to 15 minutes or less. Whenever leaving one's workstation lock the systems by holding down the Windows "START" key and pressing the letter "L" key. | |||
| Do not store personal or
confidential information on workstations. If you need to, you must encrypt
that data. See the ATUS Web information on encryption relating to
security and securing documents. Have virus protection installed and set for auto updates. Have Windows set up for auto updates. For assistance contact the ATUS Help Desk at x.3333. |
|||
| WWU E-mail is university business communication. This is public information. | |||
| Confidential Information | |||
| To be safe consider all information related to individuals as confidential information. Do not release any confidential information unless specifically approved by the custodian of the data; i.e., Registrar is the custodian of student data. Confidential information should not be loaded on local workstations or laptops unless temporary and high security is in place on the workstation. Transmissions of confidential information over the Internet must be encrypted. All printed materials containing confidential information needs to be secured. Once printed material containing confidential information is no longer needed it should be shredded. | |||
| Backup of Data | |||
| If important data is stored on a workstation it must be backed up regularly. Hard disks do fail – it is just a matter of time. Central hard disks are mirrored and backed up every night. Critical university and departmental data should be stored on central file servers (U: or P: drive). | |||
| Code of Responsibility | |||
| Defines users' responsibility in regards to protecting and releasing ... information. Users that get access to Banner & other centralized data agree to abide by the Code of Responsibility. | |||
| Release of Information | |||
| See Confidential Information above; See Code of Responsibility | |||
| Ethical Conduct | |||
| University standards for appropriate ethical conduct in the information technology area. | |||
| Servers and Server Applications | |||
| Servers or workstations causing
problems with the campus network will be disconnected from the network to
insure the campus services are maintained. Users should not install their own servers or server applications. If server based applications are needed the user should consult ITS Technical Services or their local technical support organization to insure appropriate security protections are installed and configured properly. |
|||
| All servers must have the latest patches and virus protections installed and maintained. All servers must also have all ITS required security features enabled. | |||
| Data Transmissions | |||
| Internet transmissions of confidential information must be encrypted. Communications with Central systems transmitting confidential information are encrypted. | |||
| Remote Access Services | |||
| WWU has central facilities to provide users with high speed network access. Users should not install their own auto answer modems to provide network access services. If remote access services are needed, the user must consult with ITS. To get personal remote access via the internet complete the Remote Access Request E-sign form. Also, do not store WA SCAN codes or WWU long distance access codes in dialing software, unless high security mechanisms are used. | |||
| Work@ home - Disaster and Pandemic Preparation | |||
| Supervisors should make sure employees are prepared to work from home in the event of an emergency like a natural disaster or a pandemic occurrence. Employees with home computers must submit an Esign form to get VPN access. They need to install WWU's VPN client software available from the ATUS web site. | |||
| Employee Termination | |||
| Contact ATUS at x.4444, or e-mail the ATUSHelpDesk@wwu.edu to immediately have access to computer systems disabled. | |||
|
|
|||