Security Procedures

IT Security - Standard Operating Procedures & Minimum Requirements for Computer and Networked Devices

Purpose

The use of computers and networked devices has become commonplace at NVC. While the use of these technologies promotes collaboration and enhanced productivity, it can also provide opportunities for intruders and hackers to threaten our campus systems and information. Therefore the campus must balance the need for academic freedom with the need to protect our systems and data from unauthorized use.

Scope

Computers, printers, or other devices connected to the campus network must meet at least very basic minimum standards for security. If not, they are subject to being blocked from connection. If you believe that your required configurations cannot comply, you must provide a written request for exception to these minimum security requirements to the Dean of Institutional Technology.

Responsibilities

NVC users are expected to be aware of and adhere to the security procedures of computers and networks which they access. It is important for campus users to understand and practice safe computing to prevent compromising our systems and network. NVC employees are ultimately responsible for their use of computers and networked devices, and must personally take security measures protect campus systems and data in a variety of ways.

Standard Operating Procedures: The following minimum standards are required for any devices connected to or accessing campus networks and systems:

1. Software patch updates

Campus networked devices must install all currently available security patches in a timely fashion. Exceptions may be made for patches that compromise the usability of critical applications.

2. Anti-virus software

Anti-virus software must be running and up-to-date on devices connected to the campus network.  

3. Host-based firewall software

Host-based firewall software such as Windows Firewall must be running and configured to block unnecessary and unwelcome connections.

4. Passwords

Campus systems or services must identify users and authenticate access by means of passwords which meet the minimum password complexity standards and be changed on a regular basis (see NVC Password Standards).

5. Encrypted communications

Traffic across the Internet may be surreptitiously monitored, rendering information vulnerable to compromise. Encryption shall be used when possible and at all times for communications containing personal information.

6. Unnecessary services

If a service is not necessary for the intended purpose or operation of the device, that service shall be disabled. 

7. Physical security

Unauthorized physical access to an unattended device can result in harmful or fraudulent modification of data, fraudulent email use, or any number of other potentially dangerous situations. Where possible and appropriate, devices must be configured to "lock" and require a user to re-authenticate if left unattended for more than 15 minutes.

Other physical security recommendations include:

·Keep your room/office doors locked while unattended.

·Check to ensure your doors, windows, and storage areas are secured when you leave, even if only for a short time, and take your keys with you.

·If possible, take personal electronic devices with you, such as laptop computers.

·Do not leave valuable items in common areas or plain-sight.

·Report any suspicious activity or individuals to Campus Police when safe to do so.