Policies
and Standards
University of Minnesota,
Crookston Security Philosophy Information technology is an important
strategic and competitive tool that the University needs in order
to carry out its mission of teaching, research and outreach. The
growth of the Internet, increased networking, distributed computing
and other developments have greatly increased the availability and
speed of information exchange. Unfortunately, these same developments
have also increased the risks of losing or compromising that functionality.
It is important to recognize and mitigate these risks by following
appropriate information security policies and practices in order
to assure the continued availability and integrity of University
systems.
Information itself is an extremely important asset to the University.
To protect it, information security and assurance policies and
procedures address, among other subjects, the following:
• User Authentication
• Access
• Data Privacy
• Confidentiality
• Acceptable Use of Information Technology
• Operational Continuity
Because of the inter-relatedness of the various parts, the integrity
of the University systems, data and network must be a primary
factor in decision-making. Such decisions must include the risks
and benefits for the entire University system, as opposed to a
single part. Members of the University community need to be aware
that some inconvenience is often the price for greatly reduced
risk. Security awareness must increasingly be a part of everyday
work for all members of the University community, not just the
technical staff.
Members of the University community need to be stewards of the
University resources and information with which they are entrusted
at all times. Security is only as good as the weakest link. It
does little good to protect information, networks and systems
in one place but not another. Therefore, everyone in the University
community needs to exercise due diligence in securing and protecting
University information, systems and networks. This is true for
information in central systems, departmental systems and personal
desktop/laptop computers. It is true when members of the community
are accessing or using University information while physically
at work, traveling, or working at home.
By following good security practices we can help others in the
University community benefit from the decreased risk. "Good
neighbor" security practices help others for the common good.
Technology should be reviewed for conformance to industry and
University policies, practices and guidelines prior to deployment
rather than after a problem or incident. Members of the University
community can help themselves and others by increasing the visibility
and support for security within their department or work-group.
In order to further minimize damage to others and to meet legal
and other obligations, security breaches or incidents must be
reported in a timely and appropriate manner. To minimize future
risk, proactive searches for potential weaknesses in security
should be undertaken. A systematic method of altering and educating
appropriate staff concerning vulnerabilities and threats is required.
To assure the availability and integrity of information to the
University community and the public it serves, the need for responsible
and secure computing is a fact of life in an increasingly interconnected
environment. The University needs to protect its name and reputation
while minimizing costs through the use of appropriate information
security policies and practices.
University of Minnesota Crookston Guidelines & Standards
• Acceptable Use Guidelines
• Copyright Violations
& High Bandwidth Abuse
• Email Guidelines
• Personal Machine
Standard
• Remote Access Guidelines
University of Minnesota Policies & Standards
• University
of Minnesota Policies
• Downloading
&/or Sharing Copyrighted Material by University Employees
• Privacy and Security
Website
• OIT
Data Security Responsibilities
|
