University Information Technology

Policies and Guidelines

Departmental IT Best Practices - Information Security

Last Updated: April 15, 2011
Reviewed: January 11, 2010

Who does it apply to?: Departmental Management
Why is it important?: To ensure confidentiality, integrity, and availability of information resources.

Practices

Controlling Access to Information

What is it?: Controlling access to information through owner identification and user authentication.
WHAT NEEDS TO BE DONE:: Identify data owners, privileges to be granted to users, and implement security controls to authenticate users.

Existing Guideline(s):

Rotating and Separating Duties

What is it?: Separating and rotating data processing duties to minimize the risk of fraud.
WHAT NEEDS TO BE DONE:: Periodically rotate assignments for those individuals who work with sensitive data.

Existing Guideline(s):

IT Security Manual: "Rotation and Separation of Duties"

Ensuring Individual Accountability

What is it?: Ensuring any file/date modifying activity is traceable to the individual initiating it.
WHAT NEEDS TO BE DONE:: Ensure each computing resource identifies an individual before access is granted.

Existing Guideline(s):

Security Manual: "Individual Accountability"

Reporting Security Violations

What is it?: Ensuring computer users know their responsibility to report computer abuses to an appropriate UH official.
WHAT NEEDS TO BE DONE:: Ensure computer users know their responsibility to report computer abuses.

Existing Guideline(s):