Policy Designed to Keep UA Information, Technology Safe
The University of Arizona has adopted a new information security policy that aims to reduce security risks to information and technology on the UA campus.
"The information and technology of universities are popular targets for attack," said Sylvia Johnson, the UA's information security officer. "The policy and the supporting guidance will assist in reducing the risks to UA information resources."
In 2007, a security breach of UA computer systems resulted in the disruption of service in Libraries and Procurement and Contracting Services. While the newly approved policy is not a response to that incident, it is designed to protect against breaches like that one.
The policy was approved by President Robert N. Shelton in May and will be implemented by vice presidents, deans, directors and department heads in their respective units in the coming months.
Under the policy, UA employees will be required to ensure that the computers they use to access University information have recent operating systems and software patch updates and antivirus software installed, Johnson said. Employees also need to make sure they use strong passwords.
"All these are best practices and now are requirements," Johnson said.
Another important aspect of the information security policy is incident reporting. University Information Technology Services offers several ways for members of the University community to report suspicious activity and information technology incidents, such as the unauthorized use of a computer or a computer system.
In addition to reporting incidents to system administrators and network managers, community members also can contact the UITS Help Desk at 621-HELP, UA Security Operations at secops@arizona.edu or the UITS security Web site, http://security.arizona.edu/report.html.
In conjunction with the new policy, UITS will launch a "Securing UA" campaign to inform faculty, students and staff about the best ways to keep their information safe.
"Through the Securing UA campaign, we will announce initiatives, measures and tips for achieving greater security of information assets," Johnson said.
Topics the campaign is expected to cover include guidance for implementing the information security standards, collecting and using Social Security numbers, implementing secure Web development, registering critical computers, using procedures for securing highly sensitive information and conducting vulnerability assessments.
To help employees better understand the policy and its requirements, the Information Security Office is developing an online security awareness training program, Johnson said. The office also provides security awareness training sessions for departments and units upon request.
The entire UA information security policy is available at http://security.arizona.edu/policy.
Delicious
Digg
Google
MySpace
Propeller
Reddit
StumbleUpon
Yahoo