Wednesday, October 10, 2007

Protect the Data

October is National Cyber Security Awareness Month, which provides a great opportunity to announce new and updated University Information Technology (IT) policies. The University Information Technology Advisory Council (ITAC) has implemented a new structure for the development, approval and distribution of IT policies. The new structure includes policies, standards, procedures, and guidelines as defined below.


  • Policy

    • Broad general statement or principle
    • Changes infrequently
    • Institution-wide application
    • Approved at senior level (President)

  • Standard

    • Focuses on requirements and controls
    • States how to accomplish policy
    • Detailed processes that require conformity
    • Approved by ITAC

  • Procedure

    • States how to comply with standard
    • Documents step-by-step process
    • Operational

  • Guidelines

    • Documents best practices
    • Recommended, not required

The policies, standards, and procedures are the basis for our IT security program. OCCS leads the effort to develop and monitor the University IT security program to meet federal and state compliance requirements. Implementation of the IT security program is the responsibility of the entire campus community. We are all responsible for protecting the confidentiality, integrity, and availability of University data.

Every aspect of the IT security program serves to “Protect the Data”. The policies apply to all IT resources used to conduct University business or used to transmit or store sensitive data. For the most part, the policies are based on recognized best practices in IT management and security. In some cases, the policies are very prescriptive to comply with a new Commonwealth of Virginia security standard. The policies are not intended to restrict academic instructional or research activity. However, no activity should place University data at risk. We don’t want confidential data exposed or stolen, the integrity of our data questioned, or to lose any important data. We must “Protect the Data”.

A full listing of the updated and new policies and standards is available on the OCCS web site at http://occs.odu.edu/policies/index.php. The policies are also available on the University Policy and Procedures web site at http://www.odu.edu/ao/polnproc/. I hope you will take the time to read and understand the policies and standards. I want to conclude with some recommendations that you can implement to help secure our IT environment.



  1. Store sensitive data on University servers. If you are storing sensitive data on departmental servers or other media, make sure that appropriate security practices are in place.

  2. Let the TSP be the administrator on your computer. A single compromised machine increases the risk for other University IT resources. If you must be the administrator of your machine, we recommend the following minimal actions:

    1. Use a normal user account for daily activities

    2. Only use administrator access when necessary

    3. Enable the Windows firewall

    4. Use strong passwords

    5. Install operating system and security patches through the University WSUS server

    6. Use anti-virus software

    7. Disable file shares

    8. Minimize network services


  3. Block spam email by using SpamTrap

  4. Browse the Internet wisely
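
For readers who administer their own Windows machine, the sketch below is a read-only check of the minimal actions listed under recommendation 2. It is an added example, not a University or OCCS tool, and it assumes Windows 8 / Server 2012 or later with the built-in NetSecurity and NetTCPIP modules; the `AntiVirusProduct` class exists on client editions only, and password strength is not checked.

```powershell
# Added example: read-only audit of the self-administration checklist. Changes nothing.
# Assumption: Windows 8 / Server 2012 or later. Run it from your normal daily session.

# Items 1-2: daily work should not run with administrator rights.
$id       = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

# Item 3: every firewall profile (Domain, Private, Public) should be enabled.
$fwOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })

# Item 5: Windows Update should be pointed at a WSUS server by policy.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu    = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au    = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
$wsus  = if (($wu.WUServer) -and ($au.UseWUServer -eq 1)) { $wu.WUServer } else { $null }

# Item 6: anti-virus products registered with Windows Security Center.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
            -ErrorAction SilentlyContinue)

# Item 7: Type 0 is an ordinary disk share; built-in administrative shares
# (C$, ADMIN$, IPC$) carry other type values and are not counted here.
$shares = @(Get-CimInstance -ClassName Win32_Share | Where-Object { $_.Type -eq 0 })

# Item 8: listening TCP ports, as a rough inventory of exposed network services.
$ports = @(Get-NetTCPConnection -State Listen |
           Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

# One row per checklist item; Pass is $null where the item is informational only.
@(
    [pscustomobject]@{ Check = 'Session not elevated';  Pass = -not $elevated
                       Detail = $id.Name }
    [pscustomobject]@{ Check = 'Firewall enabled';      Pass = ($fwOff.Count -eq 0)
                       Detail = "Disabled profiles: $($fwOff.Name -join ', ')" }
    [pscustomobject]@{ Check = 'WSUS configured';       Pass = [bool]$wsus
                       Detail = "Server: $wsus" }
    [pscustomobject]@{ Check = 'Anti-virus registered'; Pass = ($av.Count -gt 0)
                       Detail = ($av.displayName -join ', ') }
    [pscustomobject]@{ Check = 'No file shares';        Pass = ($shares.Count -eq 0)
                       Detail = ($shares.Name -join ', ') }
    [pscustomobject]@{ Check = 'Listening TCP ports';   Pass = $null
                       Detail = ($ports -join ', ') }
) | Format-Table -AutoSize -Wrap
```

Any row with `Pass` set to `False` corresponds to a checklist item that still needs attention; review the listening-port row by hand and disable services you do not need.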