Security awareness http security nsu edu
This presentation is the property of its rightful owner.
Sponsored Links
1 / 16

Security Awareness security.nsu PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on
  • Presentation posted in: General

Security Awareness http://security.nsu.edu. Norfolk State University Policies. Security Awareness: Policies. NSU policies are available from: http://www.nsu.edu/policies Policy 60.201: Acceptable Use of Technology Resources Policy 62.002: Computer Systems Passwords

Download Presentation

Security Awareness security.nsu

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Security awareness http security nsu edu

Security Awarenesshttp://security.nsu.edu

Norfolk State University

Policies


Security awareness policies

Security Awareness:Policies

  • NSU policies are available from:

    • http://www.nsu.edu/policies

      • Policy 60.201: Acceptable Use of Technology Resources

      • Policy 62.002: Computer Systems Passwords

    • http://www.nsu.edu/oit/policies

      • Policy 61.002: Electronic Data Privacy and Ownership

      • Policy 62.001: Continuity of Operations Disaster Recovery Plan

    • http://www.nsu.edu/forms

      • Resource Authorization Request / OIT Request Form & Information Security Access Agreement


Security awareness policies1

Security Awareness:Policies

  • Policy 60.201: Acceptable Use of Technology Resources

    • Describes standards for using the University resources.

    • States that activities can be monitored.

    • States what types of use or access are authorized or not authorized.

      • Examples:

        • material covered by law not permitted

        • obscene, inflammatory, or objectionable not permitted

        • Do not allow access to unauthorized persons

        • equipment removal

        • external equipment

        • downloading and causing too much traffic


Security awareness policies2

Security Awareness:Policies

  • Policy 60.201 (Continued)

    • Privacy (or rather, no expectation of)

      • Commonwealth policy

      • Electronic communications can be forwarded without users knowledge

    • Viewed or downloaded material/information

      • University is not responsible

      • Use caution

      • Protect NSU assets


Security awareness policies3

Security Awareness:Policies

  • Policy 60.201 (Continued)

    • User Responsibilities include (some, not all):

      • You represent NSU

      • Operate in an ethical manner

      • Maintain security

      • use for approved purposes

      • Respect


Security awareness policies4

Security Awareness:Policies

  • Policy 60.201 (Continued)

    • Network Accounts

      • used for university business

      • maintain privacy and security of account information

      • Some Prohibited items are:

        • logging onto more than one computer

        • sharing passwords

        • introducing Virsuses, worms

        • permitting unauthorized persons access


Security awareness policies5

Security Awareness:Policies

  • Policy 60.201 (Continued)

    • University records

      • email is for delivery

      • up to users to deem what is retained or archived

    • Violations will be handled

      • According to state policy

      • According to Vice President or designee

    • Interpretation is according to the VP of Research and Technology


Security awareness policies6

Security Awareness:Policies

  • Policy 62.002: Computer Systems Passwords

    • Guidelines

    • Used to access network, email, etc…

    • Creation:

      • complex, not easy to guess (dog, son, car, etc..)

      • At least 8 characters

      • Mix upper & lower case letters, numbers and special characters

      • Not a word or name


Security awareness policies7

Security Awareness:Policies

  • Policy 62.002: (Continued)

    • Protection:

      • change IFAS/DataTel pw every 30 days

      • change network pw every 12 months

      • use a passphrase

      • do not write it down

      • Do not use it on non-NSU systes

      • Do not share it

      • Treat as confidential


Security awareness policies8

Security Awareness:Policies

  • Policy 62.002: (Continued)

    • Assessment

      • Random assessments of passwords

    • Violations handled according to VP


Security awareness policies9

Security Awareness:Policies

  • Policy 61.002: Electronic Data Privacy and Ownership

    • It is everyone’s responsibility to protect and maintain university data

    • Any data required to conduct university business and operation

      • Public use data for public use

      • Internal use not available to anyone outside the university

      • Highly sensitive data is data based on legal specifications, law, or any other data that needs to be protected

    • Protect data for those that conduct business with the university


Security awareness policies10

Security Awareness:Policies

  • Policy 61.002: (Continued)

    • Authorized use

    • Limit Access

    • Safeguard SSN

    • Departments are responsible for reviewing and monitoring internal policies

    • Exercise caution and care


Security awareness policies11

Security Awareness:Policies

  • Policy 62.001: Continuity of Operations Disaster Recovery Plan

    • Password protected to ensure security

    • Describes the procedures for restoring operation in the event of disaster as soon as possible

    • Contains possible scenarios

    • Contains list of servers and network equipment and the type of equipment each is

    • If restoration is needed, the order of restoration is included


Security awareness policies12

Security Awareness:Policies

  • Policy 62.001: (Continued)

    • Management Team

      • makes decisions and directs recovery

    • Damage Assessment Team

      • determine extent of damage

    • Recovery Team

      • determine assets needed

      • conduct recovery

    • Contact information for team members, contractors and vendors


Security awareness policies13

Security Awareness:Policies

  • Policy 62.001: (Continued)

    • Backup procedures

    • Risk Assessment and planning

    • Restoration procedures


Security awareness policies14

Security Awareness:Policies

  • Resource Authorization Request / OIT Request Form & Information Security Access Agreement

    • All users must have one

    • Agreement with university to abide by policies, laws and procedures

    • New users use this to get accounts for necessary access

    • Get access to additional resources

    • Needs supervisor signature


  • Login