Security & Data Management WWU
Best Practices & Policies
Security/Privacy Breach
Reporting
All Western employees have a responsibility to protect the security of our data and the privacy of our customer's data which they have entrusted to
Western. As such all employees have a responsibility to report any
possible breach of security or privacy. Immediately report any possible
breaches to the Director of Administrative Computing, x3502, or the CIO.
Passwords are possibly the most important component of user security -
safeguard them.
Don’t post where others can see
it.
Choose a password that is hard
for someone or a hacker to figure out.
-Should be at least 8 characters.
-Include at least one number or special character
-Use only the following special characters (% _ + , .)
-Do not include words.
Change regularly.
Never give a password to anyone;
not even computer services technicians.
High Security Zone The central administrative
application systems such as Banner is in the WWU High Security Zone. This zone
requires additional protection as the zone contains applications and databases
that hold private and protected information. Any userid/password used to access
this zone must be protected to the highest degree practical.
Standard Security Zone This zone contains normal central file services
(Novell), E-mail, and academic systems. While access to these systems
do not need to be as secure as those in the High Security Zone passwords
should be secure and not shared especially is confidential information is
stored on these systems.
To be safe consider all
information related to individuals as confidential information. Do not release
any confidential information unless specifically approved by the custodian of
the data; i.e., Registrar is the custodian of student data. Confidential
information should not be loaded on local workstations or laptops unless
temporary and high security is in place on the workstation. Transmissions of
confidential information over the Internet must be encrypted. All printed
materials containing confidential information needs to be secured.
Once printed material containing confidential information is no longer
needed it should be shredded.
If important data is stored on a
workstation it must be backed up regularly. Hard disks do fail – it is just a
matter of time. Central hard disks are mirrored and backed up every night.
Critical university and departmental data should be stored on central file
servers (U: or P: drive).
Defines users' responsibility in regards to protecting and releasing ...
information. Users that get access to Banner & other centralized
data agree to abide by the Code of Responsibility.
Servers or workstations causing
problems with the campus network will be disconnected from the network to
insure the campus services are maintained.
Users should not install their
own servers or server applications. If server based applications are
needed the user should consult ITS Technical Services or their local
technical support organization to insure appropriate security protections
are installed and configured properly.
All servers must have the latest
patches and virus protections installed and maintained. All servers must also
have all ITS required security features enabled.
WWU has central facilities to
provide users with dial-up modem and high speed network access. Users
should not install their own auto answer modems to provide network access
services. If remote access services are needed the user must consult with ITS or
their local technical
support. To get personal remote access via modems or the internet complete the
Modem Request E-sign Form or Remote Access Request E-sign Form.
Also, do not store
WA SCAN codes or WWU long distance access codes in dialing software, unless high
security mechanisms are used.
