security awareness http security nsu edu
Download
Skip this Video
Download Presentation
Security Awareness security.nsu

Loading in 2 Seconds...

play fullscreen
1 / 16

Security Awareness security.nsu - PowerPoint PPT Presentation


  • 126 Views
  • Uploaded on

Security Awareness http://security.nsu.edu. Norfolk State University Policies. Security Awareness: Policies. NSU policies are available from: http://www.nsu.edu/policies Policy 60.201: Acceptable Use of Technology Resources Policy 62.002: Computer Systems Passwords

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Security Awareness security.nsu' - prescott-peck


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security awareness http security nsu edu

Security Awarenesshttp://security.nsu.edu

Norfolk State University

Policies

security awareness policies
Security Awareness:Policies
  • NSU policies are available from:
    • http://www.nsu.edu/policies
      • Policy 60.201: Acceptable Use of Technology Resources
      • Policy 62.002: Computer Systems Passwords
    • http://www.nsu.edu/oit/policies
      • Policy 61.002: Electronic Data Privacy and Ownership
      • Policy 62.001: Continuity of Operations Disaster Recovery Plan
    • http://www.nsu.edu/forms
      • Resource Authorization Request / OIT Request Form & Information Security Access Agreement
security awareness policies1
Security Awareness:Policies
  • Policy 60.201: Acceptable Use of Technology Resources
    • Describes standards for using the University resources.
    • States that activities can be monitored.
    • States what types of use or access are authorized or not authorized.
      • Examples:
        • material covered by law not permitted
        • obscene, inflammatory, or objectionable not permitted
        • Do not allow access to unauthorized persons
        • equipment removal
        • external equipment
        • downloading and causing too much traffic
security awareness policies2
Security Awareness:Policies
  • Policy 60.201 (Continued)
    • Privacy (or rather, no expectation of)
      • Commonwealth policy
      • Electronic communications can be forwarded without users knowledge
    • Viewed or downloaded material/information
      • University is not responsible
      • Use caution
      • Protect NSU assets
security awareness policies3
Security Awareness:Policies
  • Policy 60.201 (Continued)
    • User Responsibilities include (some, not all):
      • You represent NSU
      • Operate in an ethical manner
      • Maintain security
      • use for approved purposes
      • Respect
security awareness policies4
Security Awareness:Policies
  • Policy 60.201 (Continued)
    • Network Accounts
      • used for university business
      • maintain privacy and security of account information
      • Some Prohibited items are:
        • logging onto more than one computer
        • sharing passwords
        • introducing Virsuses, worms
        • permitting unauthorized persons access
security awareness policies5
Security Awareness:Policies
  • Policy 60.201 (Continued)
    • University records
      • email is for delivery
      • up to users to deem what is retained or archived
    • Violations will be handled
      • According to state policy
      • According to Vice President or designee
    • Interpretation is according to the VP of Research and Technology
security awareness policies6
Security Awareness:Policies
  • Policy 62.002: Computer Systems Passwords
    • Guidelines
    • Used to access network, email, etc…
    • Creation:
      • complex, not easy to guess (dog, son, car, etc..)
      • At least 8 characters
      • Mix upper & lower case letters, numbers and special characters
      • Not a word or name
security awareness policies7
Security Awareness:Policies
  • Policy 62.002: (Continued)
    • Protection:
      • change IFAS/DataTel pw every 30 days
      • change network pw every 12 months
      • use a passphrase
      • do not write it down
      • Do not use it on non-NSU systes
      • Do not share it
      • Treat as confidential
security awareness policies8
Security Awareness:Policies
  • Policy 62.002: (Continued)
    • Assessment
      • Random assessments of passwords
    • Violations handled according to VP
security awareness policies9
Security Awareness:Policies
  • Policy 61.002: Electronic Data Privacy and Ownership
    • It is everyone’s responsibility to protect and maintain university data
    • Any data required to conduct university business and operation
      • Public use data for public use
      • Internal use not available to anyone outside the university
      • Highly sensitive data is data based on legal specifications, law, or any other data that needs to be protected
    • Protect data for those that conduct business with the university
security awareness policies10
Security Awareness:Policies
  • Policy 61.002: (Continued)
    • Authorized use
    • Limit Access
    • Safeguard SSN
    • Departments are responsible for reviewing and monitoring internal policies
    • Exercise caution and care
security awareness policies11
Security Awareness:Policies
  • Policy 62.001: Continuity of Operations Disaster Recovery Plan
    • Password protected to ensure security
    • Describes the procedures for restoring operation in the event of disaster as soon as possible
    • Contains possible scenarios
    • Contains list of servers and network equipment and the type of equipment each is
    • If restoration is needed, the order of restoration is included
security awareness policies12
Security Awareness:Policies
  • Policy 62.001: (Continued)
    • Management Team
      • makes decisions and directs recovery
    • Damage Assessment Team
      • determine extent of damage
    • Recovery Team
      • determine assets needed
      • conduct recovery
    • Contact information for team members, contractors and vendors
security awareness policies13
Security Awareness:Policies
  • Policy 62.001: (Continued)
    • Backup procedures
    • Risk Assessment and planning
    • Restoration procedures
security awareness policies14
Security Awareness:Policies
  • Resource Authorization Request / OIT Request Form & Information Security Access Agreement
    • All users must have one
    • Agreement with university to abide by policies, laws and procedures
    • New users use this to get accounts for necessary access
    • Get access to additional resources
    • Needs supervisor signature
ad