3.8.6 Network Attached System Security Policy
The University will take all prudent and reasonable measures to secure the systems that are attached directly to its internal network and indirectly to the external Internet.
The internal data network and the external Internet are tremendously powerful tools in academia, facilitating the free exchange of ideas and instant access to a wealth of information. Likewise they are excellent business tools empowering University employees to gather information, improve internal and external communications, and increase efficiency in its business relationships. Similarly, communications systems such as World Wide Web servers and email servers can dramatically increase efficiency and communication among the University’s students, employees, academic and business units. Unfortunately, at the same time that these networks provide access to the University community; they also have the potential to provide worldwide access to University systems from individuals with harmful intentions. Certain safeguards are necessary to enjoy the benefits and freedom of networks while minimizing the risks posed by those very connections.
The Information Security Analyst has the responsibility to assist and guide the University in meeting this policy. Given that the best plans and processes may be thwarted, the Chief Information Officer will establish and maintain a Security Incident Response process to help mitigate the many security risks associated with Internet technology.
While networks hold tremendous potential as communications and research media, universities, as relatively open institutions, can encounter problems unless appropriate system security precautions are taken. The intent of this policy is to direct those within the University who are responsible for Computing and Communications Resources to establish appropriate system controls to enable the safe and secure use of the internal network and external Internet by the University community.