3.8.1 Information Security Policy
Academic and business information resources are critical assets of the University and must be appropriately protected.
Any person who uses or provides information resources has a responsibility to appropriately maintain and safeguard these assets. This policy is designed to protect both information stored on or accessed through University Computing and Communication Resources and those resources themselves. These resources include information resources and intellectual property owned by others whose rights must also be protected.
Information security is the protection of data against accidental or malicious destruction, modification or unauthorized disclosure. Information will be protected based on its value, confidentiality, and/or sensitivity to the University and the risk of loss or compromise. Information security management enables information to be shared while ensuring protection of that information and its associated computing and communications assets. The University is responsible for ensuring appropriate controls are in place to preserve these security objectives.
Information is useless if it cannot be accessed and/or used to advance the academic and business interests of the University. Therefore, information security also involves guarding against unauthorized withholding (e.g., denial of service).
The University has a multitude of points of access to its data – dozens of departments and three campuses. Because numerous administrative units and academic departments are responsible for the processing and storage of information, each is also the steward of significant information assets owned by the University. The University relies upon each campus, department and individual system administrator to preserve and protect those assets in an appropriate, consistent and reliable manner. Security controls provide the necessary physical, logical and procedural safeguards to accomplish those goals.
This policy addresses the need to make Users and providers of information aware that they have a responsibility to appropriately safeguard the University’s information assets as they would other resources. The unauthorized disclosure, destruction or prolonged unavailability of the University’s information or information technology could harm the University, its students, its employees and other members of the University community.