|
Security Policy Policy Objective: The University relies heavily on its information technology resources to meet its educational, research, informational and operational needs.The purpose of this policy is to ensure that the University's information technology resources are protected from abuse and to minimize susceptibility to attacks on University resources or from University locations against other sites without inhibiting access to information services. Standards, guidelines and procedures associated with this policy will be posted on the University Information Technology Services' (UITS) website. Policy Statement: The University of Connecticut provides information technology resources to its departments (academic and administration) in support of its academic mission. Deans, directors and department heads are responsible for the security of those information technology resources (including the facility, equipment, software and information) that are within their control and may delegate the coordination of the security for those resources to the system administrators who they appoint to manage them. The Chief Information Officer has overall responsibility for this policy. The Information Technology Steering Committee will review this policy on an annual basis and respond to formal complaints resulting from the implementation of this policy. In support of this policy, all departments that oversee University provided information technology resources will: - Provide UITS' Network Services and Server Support with the names, phone numbers and email addresses for the management contact person and primary technical contact person (system administrator) for their area,
- Use appropriate means to protect the University's information technology resources for which they are responsible and limit its risk of vulnerability by balancing the level of security with ease of use, cost, and likelihood of loss,
- Employ UITS recommended standards where appropriate and practical,
- Cooperate with UITS in addressing security problems identified by network monitoring,
- Address security vulnerabilities that UITS considers to be a significant risk to others,
- Report significant security compromises to UITS' Customer Support at (860) 486-4357,
- Adhere to Policies of Individual Departments and Units in developing their own IT policies.
University Information Technology Services (UITS) will: - Monitor backbone network traffic, as necessary and appropriate, for the detection of unauthorized activity and intrusion attempts,
- Carry out and review the results of network-based security scans of the systems and devices on the University's network in order to detect vulnerabilities or compromised hosts,
- Publish security alerts, vulnerability notices and other pertinent information to the University community in an effort to improve security and prevent security breaches.
- Coordinate all UITS network security efforts,
- Coordinate investigations into alleged computer or network security compromises/incidents,
- Cooperate in the identification and prosecution of activities contrary to University policy and the law,
- Develop procedures for handling a suspected intrusion and deploy those procedures in the resolution of security incidents.
- Act immediately when immediate technical actions are needed to protect University computing resources. For example, an e-mail account could be terminated to stop ongoing e-mail violations or a network node could be disabled to stop the spread of a virus.
All network users will: Last updated: November 10, 2008
|