GOOD SECURITY PRACTICES
Everyone who uses a computer should be aware of and use good security practices on their systems to protect both themselves and their organizations.
The actions listed below should be taken by all computer users, even if you do not have highly sensitive data stored on your computer.
If you need assistance implementing these steps, please contact the ITU Support Center at 703-993-8870.
- Activate a Password Protected Screensaver
- Use Strong Passwords for All of Your Accounts
- Automatically Receive Critical Updates
- Verify Antivirus Software is Configured Properly
- Use Anti-Spyware Software
- Use Unique Passwords for all User Accounts
- Back Up Files As Needed
- Never Open Suspicious E-mails or Attachments
- Use SSL or https for Online Transactions
- Reformat Hard Drive if Owner Changes
- Use Secure Shell for Transferring Files
- Best E-mail Practices
FOR WINDOWS USERS ONLY:
- Use Windows XP Prof. or Vista
- Browse Safely
Securing Highly Sensitive Data
The data in this category require extraordinary protection because it has the potential to cause severe damage to people or the university if it is lost or accessed by unauthorized persons.
Examples include, but are not limited to: extensive personal information lists (sets of information that form a "complete picture" of a person); a file of passwords to other systems; police records; medical records; formulae for dangerous substances; bank account information; internal EEO accusations (or other information that would cause great personal reputational damage); crosswalks (lists that match two ID numbers like SSNs and G Numbers). These are just a sample of the type of data that requires extraordinary security measures.
Security at this level is best handled by in-depth consultation with the Director of IT Security, Curtis McNay. Please contact Curtis to arrange a consultation at 703-993-4183. If you need assistance implementing the "Security Tips " listed below, please contact the ITU Support Center at 703-993-8870.
Some Warnings About Highly Sensitive Data:
- No users are permitted to carry or store "Highly Sensitive" data on any device, unless they have been authorized by their Data Steward, per the Data Stewardship Policy 1114. See Authorization to Store Highly Sensitive Data Procedures.
- NIST-certified encryption software must be used to protect Highly Senstive data on mobile devices. If you have been authorized by your Data Steward to carry or store "highly sensitive" data, please contact the ITU Support Center and request encryption.
- Highly Sensitive data should not be accessed remotely unless you are using a secure Virtual Private Network (VPN). To use the university's VPN solution please fill out the VPN request form. This is for university-owned systems only.