Information Security


Policies

Information technology resources constitute a valuable University asset that must be managed accordingly to ensure their confidentiality, integrity, and availability. Carrying out this mission requires the University to establish basic policies and standards. As such, the following University Information Technology Policies and Procedures are intended to facilitate and support reasonably secure, authorized access to University information.

Full Policy GO



Simple Steps to be Compliant

We know that the ITS policy document can be intimidating when you first get it, so we have created a simple checklist to help you get a head-start on becoming compliant. Remember that you will still need to be familiar with the actual document.

Confidential Information

  • Protect the information you are using. Never leave it in the open for others to see (put papers away, lock your computer screen, etc) and never give it out without approval.
  • If you are unsure if something is confidential, treat it like it is and ask your supervisor.

User Accounts

  • Use a strong password (i.e. Use upper- and lower-case letters plus numbers) and do not share it with anyone (not even your supervisor).
  • If you need to share a resource (e.g. computer, application, etc), please contact ITS and we will make the proper arrangements.
  • Log out of systems (e.g. Jenzabar) that you will not be using for a prolonged period of time (lunch break, overnight, etc).

Email

  • Email is not a secure communication tool so be careful with what you say. Once an email is sent, other people may be able to read it and there is no taking it back (no recalling).
  • Employee email accounts must use Park's standard signature and no backgrounds or other stationery items.
  • Be careful when opening attachments. Do not open anything unless you are expecting it, even if it is from a familiar address.
  • If you need to send confidential information to someone, contact ITS to make sure it is protected.

Internet

  • Use care and common sense when surfing the Internet. If a web site sounds too good to be true, it probably is. Some web sites will even infect your computer just by looking at a page.
  • Do not download software. Many innocent-looking downloads will also contain spyware and other malicious software that will steal information and slow down your computer.
  • When logging into web sites, make sure you do not let the computer save your login information (i.e. “Remember Me,” “Automatically Log Me In,” etc). Otherwise, anyone else who can get on that computer will have access to your accounts.

Desktop Computers

  • Software that is not University approved is not allowed (e.g. Weatherbug, Hotbar, etc).
  • Requests for approved software will be made to ITS, who will perform the install.
  • ITS is the only authorized party to make hardware and software changes (e.g. application settings, new software, new hardware, etc) on a computer.

Incident Reporting

  • If you notice any incidents (e.g. viruses, policy violations, information stealing, etc), contact Information Security at infosec@park.edu. You may also want to advise your supervisor of the situation.
  • Do not talk with others about the incident. Gossip may harm the integrity of any possible investigations.