GOOD SECURITY PRACTICES
Everyone who uses a computer should be aware of and use good security practices on their systems to protect both themselves and their organizations.
The actions listed below should be taken by all computer users, even if you do not have highly sensitive data stored on your computer.
If you need assistance implementing these steps, please contact the ITS Support Center at 703-993-8870.
Use a modern and secure operating system, such as Windows 7 or 8, or Mac OSX 10.7 or later.
Securing Highly Sensitive Data
Data in this category requires extraordinary protection because it has the potential to cause severe damage to people or the university if it is lost or accessed by unauthorized persons.
Examples include, but are not limited to: extensive personal information lists (sets of information that form a "complete picture" of a person); a file of passwords to other systems; police records; medical records; formulae for dangerous substances; bank account information; internal EEO accusations (or other information that would cause great personal reputational damage); crosswalks (lists that match two ID numbers like SSNs and G Numbers). These are just a sample of the type of data that requires extraordinary security measures.
Security at this level is best handled by in-depth consultation with the Director of IT Security, Curtis McNay. Please contact Curtis to arrange a consultation at 703-993-4183. If you need assistance implementing the "Security Tips " listed below, please contact the ITS Support Center at 703-993-8870.
Some Warnings About Highly Sensitive Data:
- No users are permitted to carry or store Highly Sensitive Data on any device, unless they have been authorized by their Data Steward, per the Data Stewardship Policy 1114. See Authorization to Store Highly Sensitive Data Procedures.
- NIST-certified encryption software must be used to protect Highly Sensitive Data on mobile devices. If you have been authorized by your Data Steward to carry or store "highly sensitive" data, please contact the ITS Support Center and request encryption.
- Highly Sensitive Data should not be accessed remotely unless you are using a secure Virtual Private Network (VPN). Instructions for connecting to the VPN are available at Using 2FA with CISCO AnyConnect VPN.