ABAC Policy on Employee Responsibility for IT Security

A.  Protection of Confidential Information

 

Faculty and Staff will secure all personally identifiable digital information.  The College must comply with the Family Educational Rights and Privacy Act of 1974 and the Gramm-Leach-Bliley Act of 1999.

 

  1. Access to all computers used to view student information (i.e. transcripts, test scores, etc.) should be password protected.
  2. Passwords for entry to secure sites containing personal information should NEVER be shared.
  3. Personal information should NEVER be left on the screen.
  4. Password(s) should be changed at least every three months.
  5. Sensitive data or memos should not be sent via e-mail or attachment.
  6. Hard copies of sensitive data must be shredded before they are discarded
  7. Students should not be allowed to use faculty/staff computers without direct supervision.
  8. Credit card numbers should not be stored on any PC or server.  The processing of credit card transactions will occur via secure systems such as GANet, TouchNet, or other secure site as approved by the Vice President of Fiscal and Physical Affairs.

 

 

B.  E-mail and Internet Downloads, and Virus Protection

 

The college prohibits the downloading and execution of programs that consume a large amount of bandwidth that are not needed for academic or administrative purposes. 

 

The college will provide Anti-Virus Software that allows for the least amount of interruption or required activity from end users.  Installation will be configured for automatic scanning and automatic updates.  It is the end user’s responsibility to verify that the virus detection software is kept updated.   Removal of the college provided antivirus software will be considered a security violation.  Users who know of or expect interference between the anti-virus software and other applications that run on their workstations or laptops must contact OITS to evaluate and agree on alternative solutions.

All portable diskettes should be checked for viruses before they are used.

All software introduced into ABAC’s computing environment must be known to be virus free.

If symptoms of a virus appear, the system user should contact Tech Support in OITS immediately and isolate all diskettes and other media, which have been recently used on that computer. Do not under any circumstances allow the isolated program or data media to be used on another computer.

 

C.  Physical Security

 

All computer and technology equipment and resources shall be placed behind secured doors.  All computers and equipment in unsecured areas shall have proper securing devices applied to them.

Only those individuals specifically authorized by the administrator of IT resources shall have access to those resources. These resources include, but are not limited to:

  1. Backup diskettes, tapes and other media;
  2. Servers;
  3. Wiring closets, communication access points and networking devices (restricted to personnel authorized for access by Information Technology Services); and
  4. Workstation data (individual authorized users of the workstation).

 

D.  Disaster Recovery

 

Data should be protected from loss due to events such as hard-drive crashes, viruses, human error, theft and natural disasters. It is departmental and/or personal responsibility to establish guidelines for saving data from PCs to floppy disks, zip drives, or tape devices. Recovered data will only be as current as the latest back up.

 

Program installation disks and information should be stored for reinstallation.

 

 

E.  IT Policy Dissemination

 

Policy changes should be posted on the IT Web site. Faculty and staff shall be notified that such changes have been posted. 

 

 

F.  Violation

 

Violations of the IT Security Policy will be considered unacceptable use. (Please refer to the Policy on Employee Use of Technology Resources).

 

 

ABAC Office of Information Technology & Services

Phone:  229.391.4850

Return to ABAC's Home

Picture
248 hits since April 16, 2007