078.1 Information Systems Security

Created by: Dana Trebing on 02/23/2005
Category: 0 - General Administration; 70 - Computer Services
Originator: Chief Information Officer
Current File: 078.1
Adoption Date: 01/31/2013
Reviewed for Currency: 01/31/2013
Replaces File: 078.1
Date of Origin: 05/18/1979
Classification: Faculty
In Archive? 0


A. Background

Computer systems are used to store information that is private, confidential, and sensitive. Unauthorized access to, modification of, or falsification of such information is unethical and illegal.


B. Policy

All programs and files within any computer system shall be considered confidential and private and as such may be accessed only by those with a legitimate need to access such information and to whom permission has been granted by the person responsible for its security.


C. Guidelines

1. The Chief Information Officer has the responsibility for providing leadership in safeguarding the confidentiality and privacy of the programs and files. All users are expected to share this responsibility.

2. The absence of security protection on a file or resource shall not imply permission to access that file or resource.

3. Anyone placing confidential information in a computer file, or designing systems to store and process confidential information, must ensure that all reasonable measures to restrict access to that information are taken, and that all applicable laws and standards are followed.

4. Wherever feasible, each user of a computer system must be uniquely identified with a user identification and password known only to that user. Each person assigned such a user identification will be held responsible for all activity attributed to that user. Therefore, users should not share their passwords with others, should choose passwords that are difficult to guess, and should change them frequently.

5. Any new systems that are implemented must adhere to the requirement for unique user identification. Existing systems that rely on shared passwords should be phased out as quickly as possible.

6. Information Technology Services may implement procedures which require users to choose passwords which are difficult to guess and to change them often.

7. Information Technology Services and other departments that control or give permission for access to programs and data should perform a regular audit to determine whether an individual's or group's access to such programs and data is still appropriate.

8. Information Technology Services must be notified immediately upon the termination of employment or student status of any individual who has access to Furman computing systems, and of the reason for such termination. Information Technology Services staff will delete the accounts of such users, unless special arrangements have been made with the former user's supervisor.

9. This policy shall apply to all persons, including students, faculty members, staff members, and others.

10. This policy shall apply to all programs and data files within any computer system, whether the files belong to a student, a faculty member, an administrative office or a data processing customer.

11. Anyone who has knowledge of an attempt by anyone to violate this policy shall make known this violation to the Chief Information Officer.

12. Any person guilty of violating the security of any files or programs shall be subject to dismissal from the university and/or criminal charges.