FREE ELECTRONIC LIBRARY - Theses, dissertations, documentation

Pages:     | 1 ||

«Approved by the IT Committee (December 2004) Table of Contents Summary Overview Definition of Administrative Information Employee Information Family ...»

-- [ Page 2 ] --

7. Department Security Manager provides training and documentation to employee.

8. Employee must change password upon first login.

Procedure for Modification or Termination of existing accounts:

1. Department Security Manager fills out the Administrative Account Request Form on the ITS website with instructions (modify or terminate).

2. System Administrator makes the appropriate changes.

3. System Administrator files the Administrative Account Request Form (copy of email).

4. System Administrator replies to Department Security Manager indicating that security has been modified or removed.

On a periodic basis, ITS System Administrators will review reports identifying failed login attempts, “super user” logins and origins of login.

Annually, Department Security Managers will be required to review a complete list of all system privileges assigned in their area. The cover page of this report must be signed by the Department Security Manager and returned to the CIS team within two weeks.

Administrative Information Systems Security Policy & Procedures 7 Passwords The most effective way to protect administrative information is through the vigilant use of user-defined passwords.

Passwords must conform to the following standards:

Password must have at least 6 characters. Only the first eight characters are significant Password must contain at least 2 alphabetic and at least one numeric or special character Password must differ from the login name and any reverse or circular shift of that login name New passwords must differ from the old one by at least 3 characters Passwords must be changed by the user every 120 days It is your responsibility to protect your password from disclosure. Every individual, including student employees, must have a unique user login. Passwords must not be shared with any other person. If you suspect that your password has been compromised, please change it immediately and contact the CIS team at 5CIS (5247) or send an email message to cis@hamilton.edu to report the security breach.

After five consecutive failed login attempts, the system will stop issuing a login prompt and will close your connection to the Administrative system. If you require your password to be reset, please contact the CIS team at 5CIS (5247) or send an email message to cis@hamilton.edu.

Student Employees It is critical that anyone accessing the Administrative System have their own login and password. ITS System Administrators will create a separate account for each student employee that requires access to the Administrative system to perform their job function. The accounts created for student employees will be of the format [department_code + ws1, ws2, ws3] or [department_code + int1, int2, int3]. For example, if the Admission office employs three student employees who require access to the Datatel system, ITS will create the following three accounts: admws1, admws2 and admws3.

As student employees terminate their employment with an administrative office, the password for the account must be reset to insure that future access is denied. All accounts for student employees will be reset by ITS at the conclusion of every academic year. It is the responsibility of the department head or Department Security Manager to inform ITS whenever a student employee terminates employment with the administrative office.

The administrative office that employs the student is responsible for tracking which student is using which account. Recall that there can be no sharing of accounts - every employee must have a unique account. Upon demand from ITS, the department head or Department Security Manager must be able to match a student employee name to an account for a particular date or range of dates.

The department head or Department Security Manager is responsible for monitoring all student employee access to the system and insuring appropriate and accurate work is being performed. The department may choose how to best monitor student employee access to the administrative system either via distributing the account information to the student employee or by logging into the system for the student employee using the student’s designated account.

Administrative Information Systems Security Policy & Procedures 8 Web Access to Information Access to institutional data is also available through Datatel’s Web Advisor applications and through the MyHamilton portal. Usernames and passwords may be made available for applicants, students, faculty, employees and alumni volunteers. It should be noted that the web presentation method in no way diminishes the importance of protecting the institutional data. Web browsers allow you to save passwords used to access external sites. You should be wary of using this feature. If you choose to save a password, be aware that anyone using your PC will be able to gain entry to that site using your password.

Department Security Manager Responsibilities The department head of each administrative office must assign a Department Security Manager and an alternate who is responsible to authorize and monitor access to the administrative information.

An Administrative Account Request Form must be completed for each individual who is provided access to the administrative system. This same form must be completed to modify or remove access.

It is just as important to remove access to the administrative system, as it is to authorize access to the administrative system. The Department Security Manager should document the completed Administrative Account Request Form.

Annually, the Department Security Manager will be required to review all security authorizations for the department. A report will be produced and distributed by the System Administrators. The cover page must be signed and returned within two weeks to the CIS team indicating the security is accurate.

ITS System Administrators reserve the right to deactivate the Department Security Manager’s access to the administrative system, if the review of security authorizations is not completed in a timely manner.

Anti-Virus Software Hamilton College requires all computers connected to the network to have up-to-date virus protection.

Failure to do so will result in the loss of connectivity to the Hamilton College network until the situation is corrected.

In addition, all attachments to e-mail sent to the Hamilton mail server are scanned for viruses. If an attachment is found to be infected it is deleted and a text file is attached to the e-mail message (called substitute.txt) informing the receiver that the attachment was infected with a virus. The receiver can then contact the sender to have the message retransmitted after the attachment has been cleaned of the virus.

For more information on Anti-Virus software please visit the ITS policies web page.

Critical Security Patches (Windows computers only) The Windows Software Update Service is an automated process to enable users of computers running the Windows XP and 2000 operating systems to apply critical updates from Microsoft on their machines.

For more information on the Windows Software Update Service please visit the ITS policies web page.

Administrative Information Systems Security Policy & Procedures 9 Unattended Computers You must logout from the client software (User Interface) when leaving your PC unattended. This software only requires one password verification. Once logged in, access is provided to all applications you are authorized to use.

An industry “Best Practice” is to shutdown or logoff your PC prior to leaving it unattended. If you do not shutdown, be aware that your email, printers and network drives are readily available to anyone who may walk up to your PC. If your office resides in a building within the firewall, there is an increased risk of gaining unauthorized access to the administrative information system.

You may run multiple copies of the client software (User Interface) from your PC (i.e., more than one login session.) Please be aware that there is a limit to the number of concurrent login sessions available at any given time (100). Once that limit has been reached, other users across campus will be blocked from login. As a courtesy to others, please logout sessions that are not active. During certain peak processing times such as during Web Registration, ITS may request that you limit your connection to one (1) session.

Equipment Security All computer equipment in your office should be reasonably secured from theft. Laptops and other portable devices are obviously the most vulnerable. By storing data on the network drive rather than physical drive C: on your PC, you not only provide additional security for your information if your laptop should be stolen, but you can then access your information from off-campus through the Virtual Private Network. Caution should be used when storing administrative information on portable computers.

Specific buildings on campus are inside the firewall that protects administrative servers. Be wary of providing access to Ethernet taps to those outside your office (i.e., students, vendors, friends, alumni, etc.) Modems installed on on-campus PC’s provide a significant security threat. Only individuals who require a modem as part of their job responsibilities should have them. The “auto-answer” feature must always be turned off.

Printed reports Reports containing confidential and sensitive data, either test data or live production data, must be secured within the office. Reports should not be left on the printer or desktop in open view. Any report that is no longer needed which contains confidential and/or sensitive data must be shredded or stored securely until it can be shredded.

Communication The security of administrative information is a shared responsibility among the Hamilton College staff that use and support technology - all have a role to play. Vigilance is a daily activity. Effective, ongoing communication of this security policy and office procedures will play an essential part in our success.

Department Security Managers are responsible for discussing this policy with each user at the time system privileges are issued.

–  –  –

Please sign below and return to your Department Security Manager “I have read the Administrative Information Systems Security Policy and agree to abide by it.”

–  –  –

As an employee of Hamilton College, I may have access to confidential or sensitive information about students, staff, faculty, alumnae, donors, volunteers and customers.

Confidential information is protected by college policy and by law.

I acknowledge that I fully understand that the intentional disclosure by me of this information to any unauthorized person could subject me to criminal and civil penalties as imposed by law. I further acknowledge that such willful or unauthorized disclosure also violates Hamilton College’s policy and could constitute just cause for disciplinary action including termination of my employment regardless of whether criminal or civil penalties are imposed.

I will safeguard and will not disclose my username and password. Any access to Hamilton College electronic systems made using my username and password are my responsibility. If I believe someone else has used my login, I will immediately report the breach to the CIS team in ITS and will immediately reset my password.

My obligations under this agreement to protect confidential information continue after termination of my employment.

–  –  –

Pages:     | 1 ||

Similar works:

«© The Author(s), 2010. Reprints and Permissions: http://www.sagepub.co.uk/journalsPermissions.nav Millennium: Journal of International Studies Vol.38 No.3, pp. 593–614 ISSN 0305-8298; DOI: 10.1177/0305829810366473 http://mil.sagepub.com Power and Democratic Weakness: Neoconservatism and Neoclassical Realism Jonathan D. Caverley While realists and neoconservatives generally disagreed on the Iraq invasion of 2003, nothing inherent in either approach to foreign policy accounts for this....»

«AFTER THE DAGGERS : POLITICS AND PERSUASION AFTER THE ASSASSINATION OF CAESAR Trevor Bryan Mahy A Thesis Submitted for the Degree of PhD at the University of St. Andrews Full metadata for this item is available in the St Andrews Digital Research Repository at: https://research-repository.st-andrews.ac.uk/ Please use this identifier to cite or link to this item: http://hdl.handle.net/10023/928 This item is protected by original copyright This item is licensed under a Creative Commons License...»

«Court Services and Offender Supervision Agency for the District of Columbia Policy Statement 1000 Effective date: 11/25/2003 Page 2 III. POLICY Agency senior staff and managers shall issue policy and procedures and disseminate other information pertaining to policy and procedures in accordance with the procedures appended to this Policy Statement.More specifically, these procedures: • Require that Agency policy must be issued in the form of Policy Statements; • Require that Agency...»

«10 STEPS FOR INTEGRATING GENDER INTO THE POLICY-MAKING PROCESS Gender mainstreaming, by definition, involves integrating a gender perspective and gender analysis into all stages of designing, implementing and evaluating projects, policies and programmes.The 10 Steps for Gender Mainstreaming include: 1. A Mainstreaming Approach to Stakeholders: Who are the Decision-Makers? 2. Mainstreaming a Gender Agenda: What is the Issue? 3. Moving Towards Gender Equality: What is the Goal? 4. Mapping the...»

«Policy Memo A Critical Look at the National Popular Vote Proposal Center for Competitive Politics 124 S. West Street, Suite 201 Alexandria, Virginia 22314 http://www.campaignfreedom.org Introduction The National Popular Vote (NPV) proposal would represent a fundamental shift in how our nation elects the President. While many well-intentioned individuals and organizations support this cause and compelling arguments can be made in its favor, the NPV plan ultimately represents a scheme that...»

«Inter-American Development Bank Regional Policy Dialogue PUBLIC POLICY MANAGEMENT AND TRANSPARENCY: CIVIL SERVICE THE CIVIL SERVICE IN LATIN AMERICA AND THE CARIBBEAN: SITUATION AND FUTURE CHALLENGES: THE CARIBBEAN PERSPECTIVE GORDON M. DRAPER OCTOBER 2001 WORKING PAPER TABLE OF CONTENTS 1.0. Introduction 3 1.1. Background and Scope 1.2. Conceptual Issues 2.0. Civil Service Systems in the Caribbean 15 2.1. Size and demographics of the Civil Service 2.2. Current legal frameworks 2.3. Human...»

«8 POLICY ISSUES FACING THE MARKET FOR CREDIT DERIVATIVES Darrell Duffie THE FINANCIAL CRISIS has prompted calls for revamping the market for credit derivatives. For example, in a July 2008 speech, Fed Chairman Ben Bernanke noted that, “The Federal Reserve, together with other regulators and the private sector, is engaged in a broad effort to strengthen the financial infrastructure. In doing so, we aim not only to help make the financial system better able to withstand future shocks but...»

«A CONSUMER GUIDE TO AUTO INSURANCE INSURANCE ADMINISTRATION A CO N S U M E R G U I D E TO AU TO I N S U R A N C E TA B L E O F C O N T E N T S Introduction.................................................... 1 How to Shop for Auto Insurance..................................... 1 What Factors Impact Rates?........................................ 6 What Discounts are...»

«Heroes or Zeroes? The discursive positioning of ‘underachieving boys’ in English neo-liberal education policy Prof Becky Francis, Roehampton University Published in Journal of Education Policy, 21 (2) 187-200. Heroes or Zeroes? The discursive positioning of ‘underachieving boys’ in English neo-liberal education policy Abstract: The moral panic concerning ‘boys’ underachievement’ is well established in the UK and Australia, and is spreading to other countries. Feminists have...»

«THE DEMOCRATIC QUALITIES OF COURTS: A CRITICAL ANALYSIS OF THREE ARGUMENTS Richard Bellamy The democratic critique of judicial review by constitutional courts has prompted its defenders to counter that courts have democratic qualities as good as, and in certain respects even stronger than, conventional democratic politics. This article offers a critical analysis of three arguments favouring this approach. The first argues that constitutional courts operate as exemplars of democratic...»

«Getting out and about: Investigating the impact of concessionary fares on older people’s lives A study by the Transport Action Group – Manchester Authors: Emily Hirst and Bill Harrop July 2011 Getting out and about: Investigating the impact of concessionary fares on older people’s lives A study by the Transport Action Group – Manchester Authors: Emily Hirst and Bill Harrop. Preface The Transport Action Group This study was initiated through the Transport Action Group – Manchester...»

«Sida Evaluation 05/21:2 Turning Policy into Practice: Sida’s implemention of the Swedish HIV/AIDS strategy Concept Paper Ulrich Vogel Kim Forss Anne Skjelmerud Pol Jansegers Department for Evaluation and Internal Audit Turning Policy into Practice: Sida’s implemention of the Swedish HIV/AIDS strategy Concept Paper Ulrich Vogel Kim Forss Anne Skjelmerud Pol Jansegers Sida Evaluation 05/21:2 Department for Evaluation and Internal Audit This report is part of Sida Evaluations, a series...»

<<  HOME   |    CONTACTS
2016 www.theses.xlibx.info - Theses, dissertations, documentation

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.