Policies and Guidelines

Departmental IT Best Practices - Information Security

Last Updated: April 15, 2011
Reviewed: January 11, 2010

Who does it apply to?
Departmental Management

Why is it important?
To ensure confidentiality, integrity, and availability of information resources.

Practices

Controlling Access to Information

What is it?
Controlling access to information through owner identification and user authentication.

WHAT NEEDS TO BE DONE:
Identify data owners and the privileges to be granted to users, and implement security controls to authenticate users.

Existing Guideline(s):

Rotating and Separating Duties

What is it?
Separating and rotating data processing duties to minimize the risk of fraud.

WHAT NEEDS TO BE DONE:
Periodically rotate assignments for those individuals who work with sensitive data.

Existing Guideline(s):

Ensuring Individual Accountability

What is it?
Ensuring any file/data modifying activity is traceable to the individual initiating it.

WHAT NEEDS TO BE DONE:
Ensure each computing resource identifies an individual before access is granted.

Existing Guideline(s):

Reporting Security Violations

What is it?
Ensuring computer users know their responsibility to report computer abuses to an appropriate UH official.

WHAT NEEDS TO BE DONE:
Ensure computer users know their responsibility to report computer abuses.

Existing Guideline(s):