General IT Policies | University Information Policy Office Role | University Information Security Office Role
Who Is Responsible for Security?
Security is a responsibility shared between the organization that owns the system, the system administrator, anyone who uses the system, and anyone who walks in the room where the system is located. All University faculty, staff, and students are entitled to the privilege of accessing computing resources and network capacity. Individuals outside the University can access the same types of resources for purposes consistent with the University’s mission. Certain responsibilities accompany that privilege.
The computer user at IU is responsible for correct and sufficient use of the tools each computer system provides for maintaining the security and confidentiality of information stored on it. Examples of the user’s responsibilities are as follows:
- To protect computer accounts, passwords, and other types of authorization that are assigned to individual users.
- To always log out of accounts and shared computers.
- To understand the level of protection each computer system automatically applies to files and supplement it, if necessary, for sensitive information.
- To take steps to understand computer viruses and other destructive programs and to take appropriate action to protect your accounts and computers from such threats.
- To honor and maintain all of IU’s system security procedures and confidential information.
- To use accounts for legal purposes only and to uphold all software copyrights and license agreements.
Note: If you are a staff member at Indiana University, then your machine may be managed by a professional local support provider (LSP); therefore, you may not have privileges to make all the changes which are presented in the exercises. However, the information will still be valid because you will better understand what it is that your support provider actually does for you and why. Also, this knowledge may be applied to your home computer.
By accepting an IU computing account, you are responsible for following all applicable IU policies, some of which are summarized below.
General IT Policies
University Information Technology Services (UITS), together with computing centers at each campus, as well as many academic departments and administrative units, have responsibility for providing and maintaining shared computing tools. General policies regarding the resources IU provides are outlined as follows:
- Access—Indiana University will provide access to appropriate central and campus computing resources, and to their attached networks, to all members of the University community whose work requires it. Fees are charged for some services.
- Availability—Indiana University will make its central and campus computing resources and networks available to users with the fewest interruptions possible.
Some university units such as colleges and departments may have in place more specific policies related to the use of information technology. For policy statements on university-wide, campus-wide, or departmental IT policies, go to:
http://informationpolicy.iu.edu/policies/
University Information Policy Office Role
The University Information Policy Office provides assistance in reviewing specific situations and analyzing and determining appropriate IT policy. This office also coordinates response to incidents of abuse or inappropriate use of information or information technology, such as security breaches, compromised machines, and copyright infringement.
The policies maintained by this office apply to all units on all eight campuses and provides basic IT policies on such issues as:
- Use—Reflects the policy on what IU technology resources can be used for, which does provide for “incidental personal use.”
- Sanctions—Specifies disciplinary procedures for violation of policies.
- Privacy—Specifies situations when a user’s stored computer information can be accessed. Policy basically states that no one can look at your files or -mail without appropriate justification. There are exceptions as to when your files can be accessed and what the appropriate justification is in those cases.
For more specific information on the University Information Policy Office, go to:
http://informationpolicy.iu.edu/
University Information Security Office Role
The University Information Policy Office, with the University Information Security Office, assists in responding to and investigating incidents related to misuse or abuse of Indiana University information technology resources. This includes computer and network security breaches and unauthorized disclosure or modification of electronic institutional or personal information.
Other services of the University Information Security Office role is to:
- Provide IT security awareness and education
- Provide IT security guidelines and standards
- Provide security consulting and review
- Maintain production services
- Investigate and document IT security incidents
For IT incidents involving threats to personal safely or physical property, immediately contact the campus police department. For electronic information and/or systems security incidents requiring immediate attention, call your local Campus Support Center or send details to the email address:
To stay informed of security issues, you may view bulletins or subscribe to receive University Information Security Office bulletins by email at:
http://informationsecurity.iu.edu/resources/bulletins/
For more information on the University Information Security Office and its services, go to:
