Departmentally Managed Campus Computers: Your Responsibilities


Learn About Security | End User – Self managed system(s)


This “Check List” is intended to help you manage the risk in your environment. Use it as a means of assessing your information security and to identify areas you can improve. More completed items means less institutional and personal risk.

Sensitive/ Protected data

  • I know what restricted (Level III) or protected (Level II) data is.
  • I store high sensitivity/restricted (University Level III) information on a secure department file server (or within university web applications), instead of locally on my workstation, laptop, tablet, or other mobile device.
  • If I use a laptop, tablet, or other mobile device, I work with my local IT support staff to implement full disk encryption on the device.
  • I always use secure end-to-end network encryption (e.g., “https” for web sites, “sftp” for file transfers) when communicating any sensitive information.
  • I know which files I work with that contain restricted (University Level III) information, and where those files are stored.
  • I regularly run the Identity Finder software program on my desktop to ensure it doesn’t locally store any social security, credit card numbers or passwords.
  • If Identity Finder flags files with Level III data, I promptly delete, edit, or move them to a secure location.
  • I do not share restricted or protected institutional data without appropriate authorization from the business owner for that data.
     

Computer/ System Security Requirements

  • My local IT support staff manages my device(s) to ensure University baseline security standards are implemented.
  • My HawkID passphrase meets the password policy - at least nine characters or more and is never shared with anyone.
  • All of my important information is stored on my home (H:) or on my department shared (L:, S: etc.) drive space, which is backed up.
  • I have discussed with my supervisor and completed training requirements related to my position. Examples of training could be, FERPA, HIPAA or Security Awareness.
     

Work Area Security

  • I make sure my computer’s screen is password locked while I am away from the device.
  • I physically secure restricted information on any media (e.g., paper, electronic, external storage devices, DVDs), locking them in a desk drawer or file cabinet.
  • I never reply with personal information or click on suspicious links requested in an e-mail.
  • I know to check with my local IT Support or call the Help Desk (4-HELP) if ever I have any doubts determining the legitimacy of any requests for information.
  • I question anyone who requests my personal information, and verify that they have the authority to make the request.
     

Responding to Incidents

If I suspect I have a security issue with my computer, I contact the Information Security and Policy Office (5-6332) immediately, before I do anything else on my computer.
If I have a problem with my HawkID, I contact my local IT support or the Help Desk (4-HELP).
 

If you interact with a computer, computer security is important to you.

  1. Ensure that the integrity, confidentiality, and availability of data are maintained at an appropriate level all times. Computer security is an ongoing process, not a one-time effort.
  2. Don’t reinvent the wheel or stress on how to implement security controls. Capitalize on services provided to you by the University that will save your time, and that will very likely provide you with a higher level of security.
  3. Where possible, engage your local IT support staffs about services, software, and resources that are available to you.
  4. Take the time to review and follow IT policy, which governs all personal and self-managed devices, as well as centrally managed devices connecting to the campus network. Policy is developed to protect you and the University community from harm (such as loss, damage, or exposure of data), as well as to achieve compliance with federal and state regulations.
  5. See http://itsecurity.uiowa.edu/university-it-policy for a complete list of University IT policies

 

Resources for more information
Enterprise Services

  1. Identity Finder - Identity Finder helps you find restricted information stored on your computer. Identity theft can occur when personal information, such as social security numbers and credit card numbers, fall into the wrong hands. For more information on the application and how to install and run it visit: http://its.uiowa.edu/identity/
  2. UI Anywhere - If you are working remotely to access and use institutional data and systems on campus, do so via the University’s VPN service (UI Anywhere). Instructions on how to install and use the application to securely access UI campus resources can be found here: http://its.uiowa.edu/vpn
Sensitive/ Protected Data:

Institutional Data Access Policy
Data Classification Guidelines
Encryption Resources
Cloud Computing Resources
Procedures for handling a computer system compromise incident
Work Place Best Practices