Data management and computer security business manual mainframe (nwrdc) support services - computing _ information technology services _ fsu - information technology services
Security issues and framework of electronic medical record: A reviewjournalBEEI
The electronic medical record has been more widely accepted due to its unarguable benefits when compared to a paper-based system. As electronic medical record becomes more popular, this raises many security threats against the systems. Common security vulnerabilities, such as weak authentication, cross-site scripting, SQL injection, and cross-site request forgery had been identified in the electronic medical record systems. To achieve the goals of using EMR, attaining security and privacy is extremely important. This study aims to propose a web framework with inbuilt security features that will prevent the common security vulnerabilities in the electronic medical record. The security features of the three most popular and powerful PHP frameworks Laravel, CodeIgniter, and Symfony were reviewed and compared. Based on the results, Laravel is equipped with the security features that electronic medical record currently required. This paper provides descriptions of the proposed conceptual framework that can be adapted to implement secure EMR systems.
Recent research states that using new and emerging
technologies in the areas of telecommunications are widely
used in healthcare sector. The system Intelligent Electornic
Patient Record Management System (IEPRMS) is a
centralized database contains the in-patient record. It was
implemented using PHP & MYSQL combination. The
database record contains the patient personal info, department
lies-in, physician, tours, ,treatment and lab results. Since the
patient enters the hospital the workflow starts as the reception
user creates new record by entering the personal info and
sends the record to assigned department; at this stage the nurse
starts update the record by entering the physician comments,
required treatment, and sends lab test when it is required. The
procedure continues as long as the patient still in the hospital.
At last when the patient recovered or died the International
Classsification of Diseases(ICD) inserted to the record and out
or died date. In addition there are many supported tables that
can be updated manually through independent pages by IT
administrator. These tables like Physician names, medicines,
lab tests, users and ICDs. As the system consists of different
users and different user permissions. Also there are advance
search that can help to make statistical reports and researches
for the physicians. The system is considered time and cost
effective to healthcare.
Security issues and framework of electronic medical record: A reviewjournalBEEI
The electronic medical record has been more widely accepted due to its unarguable benefits when compared to a paper-based system. As electronic medical record becomes more popular, this raises many security threats against the systems. Common security vulnerabilities, such as weak authentication, cross-site scripting, SQL injection, and cross-site request forgery had been identified in the electronic medical record systems. To achieve the goals of using EMR, attaining security and privacy is extremely important. This study aims to propose a web framework with inbuilt security features that will prevent the common security vulnerabilities in the electronic medical record. The security features of the three most popular and powerful PHP frameworks Laravel, CodeIgniter, and Symfony were reviewed and compared. Based on the results, Laravel is equipped with the security features that electronic medical record currently required. This paper provides descriptions of the proposed conceptual framework that can be adapted to implement secure EMR systems.
Recent research states that using new and emerging
technologies in the areas of telecommunications are widely
used in healthcare sector. The system Intelligent Electornic
Patient Record Management System (IEPRMS) is a
centralized database contains the in-patient record. It was
implemented using PHP & MYSQL combination. The
database record contains the patient personal info, department
lies-in, physician, tours, ,treatment and lab results. Since the
patient enters the hospital the workflow starts as the reception
user creates new record by entering the personal info and
sends the record to assigned department; at this stage the nurse
starts update the record by entering the physician comments,
required treatment, and sends lab test when it is required. The
procedure continues as long as the patient still in the hospital.
At last when the patient recovered or died the International
Classsification of Diseases(ICD) inserted to the record and out
or died date. In addition there are many supported tables that
can be updated manually through independent pages by IT
administrator. These tables like Physician names, medicines,
lab tests, users and ICDs. As the system consists of different
users and different user permissions. Also there are advance
search that can help to make statistical reports and researches
for the physicians. The system is considered time and cost
effective to healthcare.
Electronic Court Case Management System (eCCMS), is a web-based system which is developed to make the functional areas in Judicial Service more efficiency and effective. One of the main intention of this project is to control and allow complete registration of all court cases and tracking of case current status and location; to enhance public access on web, avoiding client to go to court and also needs to follow up daily after filing of case.
Position Requirements: The successful candidate shall possess a Bachelor’s degree in Computer Science, Business Administration or a related field, with minimum 5 years of experience as a Certified System Engineer. Master’s Degree is any of the above discipline is an added advantage. The successful candidate shall possess high level knowledge, skills and experience to meet the requirements of this position; and shall assist the Associate Vice President for Administration and Campus Operation in ensuring that the University Network and Management Information System is functional in keeping with best practices. The successful candidate must possess the skills necessary to effectively communicate with campus personnel, campus administrators and the general public. The incumbent shall possess knowledge of the appropriate computer skills (especially experience as a Certified Professional Trainer, Enterprise Administrator on Windows Server 2008 or above, Certified Internetwork Expert, and Network System Security), with a commitment to quality and excellence.
CCI training helps IT job applicants develop exceptional analytical, organizational, investigational and problem-solving skills organizations need. https://blog.ccitraining.edu/secure-your-career-shift-with-computer-security-training
Survey of open source health information systemshiij
Due to the Health Information Technology for Economic and Clinical Health Act (HITECH), the US
medical industry has been given a directive to transition to electronic health records. Electronic Health
Records will enhance efficiency and quality of patient care. In this paper, open-source health information
systems are surveyed.These systems include electronic medical records, electronic health records and
personal health record systems. Their functionality, implementation technologies used, and security
features are discussed.
Electronic Healthcare Record Security and Management in Healthcare Organizationsijtsrd
"This study aim sat identifying the current countermeasures used in protecting the Electronic Healthcare Record and how employees share their knowledge about the existence Electronic Healthcare Record security as well as countermeasures used in mitigating the threats and data breaches in healthcare organizations. A case study of Aminu Kano Teaching Hospital, Nigeria was used and qualitative research method was adopted where purposive and stratified random sampling was used. This led to construction of eleven relevant questions to four categories of staff. A conceptual frame work was proposed to quid the study and the findings we reevaluated using the proposed frame work. There sults revealed that there is lack of knowledge sharing among employees and some factors were found to be the resistance factors, this include educational background, behavior, low security awareness, personality differences and lack of management commitment. On the other hand, deterrent, preventive and organizational actions were partially practiced as countermeasures used to mitigate the threats and vulnerability of data breaches of Electronic Healthcare Records in Aminu Kano Teaching Hospital in Nigeria. Attahiru Saminu, CLN ""Electronic Healthcare Record Security and Management in Healthcare Organizations"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Special Issue | International Conference on Advanced Engineering and Information Technology , November 2018, URL: https://www.ijtsrd.com/papers/ijtsrd19124.pdf
Paper URL: https://www.ijtsrd.com/other-scientific-research-area/other/19124/electronic-healthcare-record-security-and-management-in-healthcare-organizations/attahiru-saminu-cln"
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES IJNSA Journal
Information assurance is at the core of every initiative that an organization executes. For online universities, a common and complex initiative is maintaining user lifecycle and providing seamless access using one identity in a large virtual infrastructure. To achieve information assurance the management of user privileges affected by events in the user’s identity lifecycle needs to be the determining factor for access control. While the implementation of identity and access management systems makes this initiative feasible, it is the construction and maintenance of the infrastructure that makes it complex and challenging. The objective of this paper1 is to describe the complexities, propose a practical approach to building a foundation for consistent user experience and realizing security synthesis in online universities.
Database Security—Concepts,Approaches, and ChallengesElisaOllieShoresna
Database Security—Concepts,
Approaches, and Challenges
Elisa Bertino, Fellow, IEEE, and Ravi Sandhu, Fellow, IEEE
Abstract—As organizations increase their reliance on, possibly distributed, information systems for daily business, they become more
vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as
encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive
approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject
qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the
semantics of data must be taken into account in order to specify effective access control policies. Also, techniques for data integrity
and availability specifically tailored to database systems must be adopted. In this respect, over the years the database security
community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability.
However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security
concerns, the “disintermediation” of access to data, new computing paradigms and applications, such as grid-based computing and on-
demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current
approaches. In this paper, we first survey the most relevant concepts underlying the notion of database security and summarize the
most well-known techniques. We focus on access control systems, on which a large body of research has been devoted, and describe
the key access control models, namely, the discretionary and mandatory access control models, and the role-based access control
(RBAC) model. We also discuss security for advanced data management systems, and cover topics such as access control for XML.
We then discuss current challenges for database security and some preliminary approaches that address some of these challenges.
Index Terms—Data confindentiality, data privacy, relational and object databases, XML.
�
1 INTRODUCTION
AS organizations increase their adoption of databasesystems as the key data management technology for
day-to-day operations and decision making, the security of
data managed by these systems becomes crucial. Damage
and misuse of data affect not only a single user or
application, but may have disastrous consequences on the
entire organization. The recent rapid proliferation of Web-
based applications and information systems have further
increased the risk exposure of databases and, thus, data
protection is today more crucial than ever. It is also
important to appreciate that data needs to be protected
not only from external threats, but also from insider threats ...
Electronic Court Case Management System (eCCMS), is a web-based system which is developed to make the functional areas in Judicial Service more efficiency and effective. One of the main intention of this project is to control and allow complete registration of all court cases and tracking of case current status and location; to enhance public access on web, avoiding client to go to court and also needs to follow up daily after filing of case.
Position Requirements: The successful candidate shall possess a Bachelor’s degree in Computer Science, Business Administration or a related field, with minimum 5 years of experience as a Certified System Engineer. Master’s Degree is any of the above discipline is an added advantage. The successful candidate shall possess high level knowledge, skills and experience to meet the requirements of this position; and shall assist the Associate Vice President for Administration and Campus Operation in ensuring that the University Network and Management Information System is functional in keeping with best practices. The successful candidate must possess the skills necessary to effectively communicate with campus personnel, campus administrators and the general public. The incumbent shall possess knowledge of the appropriate computer skills (especially experience as a Certified Professional Trainer, Enterprise Administrator on Windows Server 2008 or above, Certified Internetwork Expert, and Network System Security), with a commitment to quality and excellence.
CCI training helps IT job applicants develop exceptional analytical, organizational, investigational and problem-solving skills organizations need. https://blog.ccitraining.edu/secure-your-career-shift-with-computer-security-training
Survey of open source health information systemshiij
Due to the Health Information Technology for Economic and Clinical Health Act (HITECH), the US
medical industry has been given a directive to transition to electronic health records. Electronic Health
Records will enhance efficiency and quality of patient care. In this paper, open-source health information
systems are surveyed.These systems include electronic medical records, electronic health records and
personal health record systems. Their functionality, implementation technologies used, and security
features are discussed.
Electronic Healthcare Record Security and Management in Healthcare Organizationsijtsrd
"This study aim sat identifying the current countermeasures used in protecting the Electronic Healthcare Record and how employees share their knowledge about the existence Electronic Healthcare Record security as well as countermeasures used in mitigating the threats and data breaches in healthcare organizations. A case study of Aminu Kano Teaching Hospital, Nigeria was used and qualitative research method was adopted where purposive and stratified random sampling was used. This led to construction of eleven relevant questions to four categories of staff. A conceptual frame work was proposed to quid the study and the findings we reevaluated using the proposed frame work. There sults revealed that there is lack of knowledge sharing among employees and some factors were found to be the resistance factors, this include educational background, behavior, low security awareness, personality differences and lack of management commitment. On the other hand, deterrent, preventive and organizational actions were partially practiced as countermeasures used to mitigate the threats and vulnerability of data breaches of Electronic Healthcare Records in Aminu Kano Teaching Hospital in Nigeria. Attahiru Saminu, CLN ""Electronic Healthcare Record Security and Management in Healthcare Organizations"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Special Issue | International Conference on Advanced Engineering and Information Technology , November 2018, URL: https://www.ijtsrd.com/papers/ijtsrd19124.pdf
Paper URL: https://www.ijtsrd.com/other-scientific-research-area/other/19124/electronic-healthcare-record-security-and-management-in-healthcare-organizations/attahiru-saminu-cln"
Electronic Healthcare Record Security and Management in Healthcare Organizations
Similar to Data management and computer security business manual mainframe (nwrdc) support services - computing _ information technology services _ fsu - information technology services
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES IJNSA Journal
Information assurance is at the core of every initiative that an organization executes. For online universities, a common and complex initiative is maintaining user lifecycle and providing seamless access using one identity in a large virtual infrastructure. To achieve information assurance the management of user privileges affected by events in the user’s identity lifecycle needs to be the determining factor for access control. While the implementation of identity and access management systems makes this initiative feasible, it is the construction and maintenance of the infrastructure that makes it complex and challenging. The objective of this paper1 is to describe the complexities, propose a practical approach to building a foundation for consistent user experience and realizing security synthesis in online universities.
Database Security—Concepts,Approaches, and ChallengesElisaOllieShoresna
Database Security—Concepts,
Approaches, and Challenges
Elisa Bertino, Fellow, IEEE, and Ravi Sandhu, Fellow, IEEE
Abstract—As organizations increase their reliance on, possibly distributed, information systems for daily business, they become more
vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as
encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive
approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject
qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the
semantics of data must be taken into account in order to specify effective access control policies. Also, techniques for data integrity
and availability specifically tailored to database systems must be adopted. In this respect, over the years the database security
community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability.
However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security
concerns, the “disintermediation” of access to data, new computing paradigms and applications, such as grid-based computing and on-
demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current
approaches. In this paper, we first survey the most relevant concepts underlying the notion of database security and summarize the
most well-known techniques. We focus on access control systems, on which a large body of research has been devoted, and describe
the key access control models, namely, the discretionary and mandatory access control models, and the role-based access control
(RBAC) model. We also discuss security for advanced data management systems, and cover topics such as access control for XML.
We then discuss current challenges for database security and some preliminary approaches that address some of these challenges.
Index Terms—Data confindentiality, data privacy, relational and object databases, XML.
�
1 INTRODUCTION
AS organizations increase their adoption of databasesystems as the key data management technology for
day-to-day operations and decision making, the security of
data managed by these systems becomes crucial. Damage
and misuse of data affect not only a single user or
application, but may have disastrous consequences on the
entire organization. The recent rapid proliferation of Web-
based applications and information systems have further
increased the risk exposure of databases and, thus, data
protection is today more crucial than ever. It is also
important to appreciate that data needs to be protected
not only from external threats, but also from insider threats ...
Procedural Controls
=>Standard procedures and documentation
=>Authorization requirements
=>Disaster recovery
=>Controls for end-user computing
Similar to Data management and computer security business manual mainframe (nwrdc) support services - computing _ information technology services _ fsu - information technology services (20)
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Data management and computer security business manual mainframe (nwrdc) support services - computing _ information technology services _ fsu - information technology services
1. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 1/13
ITS Search
Information Technology Services / - Computing / Mainframe (NWRDC) Support Services /
Data Management and Computer Security Business Manual
Data Management and Computer Security Business
Manual
1. Section 282.318, Florida Statutes
2. Chancellor's Memorandum,CM-87-001.1
3. Purpose
4. Policy
5. Scope
6. Definitions
7. Ownership, Data Management, and Accountability
8. Delegation of Responsibility
9. Data Management
Data Trustee
Data Steward
Data Custodian
Database Administrator
Security Administrator
Computer Operations
10. Information Systems Development
11. Resolution of Data Disputes
12. Sensitive Data
13. Critical Data
14. Risk Management
15. Risk Analysis
16. Documentation
17. Backup and Recovery
18. Incident Reporting
19. Information System Development and Acquisition
20. Online Data Access and Security Guidelines
21. Online Availability
22. Authorized Access
23. User IDs and Passwords
24. Departmental Security Coordinator
25. Departmental Security Coordinator Responsibilities
Home
About Us
Featured Projects
Service Catalog
- Classroom Technology
- Communications
- Computing
- Email
- IT Security
- Network
- Public Safety
- Software
- Storage
- Web Services
ITS Service Desk
- Departments
- Employees
- Students
ITS Policies & Guidelines
Student Technology Fee
FAQs
Information Technology Services QUICKLINKS
2. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 2/13
26. Application Security Manager Responsibilities
27. AIS Responsibilities
28. Online Administrative Information Systems
29. Batch Job Security
30. Data Access and Accountability
31. Microcomputers
References:
1. Section 282.318, Florida Statutes
This statute created the Security of Information Technology Resources Act to assure an
adequate level of security for all governmental data and information technology
resources. The Board of Regents is the agency responsible for assuring security for data
and information technology resources within the SUS.
2. Chancellor's Memorandum, CM- 87- 001.1
This Memorandum establishes minimum standards for assuring an adequate level of
security within State Universities. In addition, the State University System has published a
Standard Practice for Security of Data and Information Technology Resources.
Purpose
In compliance with requirements of the above directives and guidelines, contained herein
are the internal policies and procedures necessary to assure the security of administrative
data and information technology resources at Florida State University.
These data policies and procedures not only comply with state and SUS directives, they
are necessary because of the value the university places on its information resources.
While the university seeks to make available in a convenient electronic format all
university administrative data necessary for the efficient operation of its departments,
standards and procedures are necessary to ensure the security and integrity of the
information, and to prevent its misuse.
Policy
The Florida State University grants routine access to administrative systems and data only
to those University and direct support organization employees who must use the specific
information in the conduct of university business. Individuals who are given access to
sensitive data have a position of special trust and as such are responsible for ensuring
the security and integrity of that data. A student may be authorized access to their own
data, or work related data when the student is also an employee of the university.
Individuals outside the university can be authorized access to university data only if that
authorization is granted by an Executive Officer of the University.
Policies contained in this Business Manual provide the foundation upon which standards
and procedures for protection of university information resources are developed.
Implementation and adherence to precise standards and procedures for electronic
information processing operations is necessary to protect university administrative
information.
Scope
These policies and guidelines govern the management and accessibility of central
university administrative data regardless of the environment where the data resides. This
includes the central mainframe, departmental mini- computers, individual personal
computers, and data as it resides in any other media (print, microfiche, etc.).
3. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 3/13
Access and update capabilities/restrictions apply to all administrative data stored in the
Northwest Regional Data Center computer and on mini- and microcomputers across
campus.
Information resources used for instruction and research purposes (Academic Computing)
are exempt from the requirements of the SUS standard practice and the policies and
procedures contained herein; however, colleges, schools and departments are
responsible for establishing policies and procedures for assuring the physical and
electronic security of all information technology resources within their control. Such
policies and procedures will assure:
Reasonable and accurate equipment inventory control procedures and records are
maintained
Government owned information technology resources are used only for university
administrative, instruction or research purposes
Security measures are taken to prevent unauthorized system access
Preventative measures are taken to reduce the risk of computer virus infections
Only authorized software is used. University policy strictly forbids software piracy and
possession or use of illegally acquired software.
Definitions
Terms and phrases used in this policy are defined as follows:
Access Capability
Authority granted to an individual which allows viewing or manipulation of data
residing in a computer system file. Access capability is managed through
assignments of a user id and password.
Administrative Data
Any data related to the administration of Florida State University. This includes
data used by both the central administration and the administrative units of the
colleges, schools and departments.
Administrative Systems and Applications
Any computer system/application programming which supports administrative
activities of the university. This includes systems or applications supporting both
the central administration and the administrative units of the various colleges,
schools and departments.
Application Security Manager
The individual designated by a data steward to coordinate the granting of
access/update capabilities to departmental users.
AIS Security Administrator
The individual in AIS responsible for coordinating usage of the AIS Security System.
AIS Data Administrator
The individual in AIS responsible for the coordination of the data administration
function.
Critical Information Resource
Information resources determined by University management to be essential to
the University's critical mission and function, the loss of which would have an
unacceptable impact.
Data Custodian
The individual or department responsible for maintaining physical data, monitoring,
enforcing, and coordinating institutional data access policies and procedures. AIS
is the data custodian for central university data maintained at the NWRDC.
Database Manager
The individual in AIS responsible for logical and physical data base design services.
Data Steward
Central administrative office or academic department responsible for a specific
subset of university data.
Data Trustee
4. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 4/13
The individual responsible for the data in the system, e.g., the President, a Vice
President, or division director.
Departmental Security Coordinator
The individual in an academic or administrative unit responsible for coordinating
the creation, monitoring, and deactivation of user ids with AIS and Application
Security Managers.
Directory Information
Basic information on an individual such as name, address, phone number such as
is printed in the university telephone directory. Employees and students may
request that directory information not be released to the public.
Information Resources
Data, automated applications, and information technology resources.
Public Information
Information that is available or distributed to the general public either regularly or
upon request.
Restricted Information, moderately sensitive/highly sensitive
Information intended for use only by individuals who require that information in
the course of performing their university responsibilities, or information protected
by federal and state regulations. Requests for access to this information must be
authorized by the applicable Data Steward.
University Data Administrator
The university Budget Officer serves as the university Data Administrator and is
responsible for coordinating the release of university data to external individuals,
businesses or agencies, and university responses to official data requests.
University Information Security Manager (ISM)
The individual designated to administer the University's information resource
security program in accordance with Florida Statutes and SUS/BOR directives, and
the University's internal and external point of contact for information security
matters.
Update Capability
Access capability which allows individual to alter, add or delete data in a computer
system file.
User ID
Character string which identifies an individual to a computer system, enabling
access and/or update capabilities.
Ownership, Data Management, and Accountability
Florida State University retains the exclusive right and use of all computer assets,
including data. In this context, FSU is considered the legal owner of all university data.
Delegation of Responsibility
Sound business practices hold the owner of computer assets responsible for their control.
The President of FSU delegates Data Trustee responsibility to specific university
administrative officers.
The structure for university data accountability shall be as follows:
Data Trustee
Data Steward
Data Custodian
Application Security Manager
Departmental Security Coordinator
AIS Security Coordinator
AIS Database Manager
User
5. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 5/13
Data Management
Data Trustee
The Florida State University executive structure correlates directly with the major
categories of university data, thus the following are Data Trustees for their respective
area of responsibility:
President
Vice President for Academic Affairs and Provost
Vice President for Finance and Administration
Vice President for Student Affairs
Vice President for University Relations
Vice President for Research
Data Steward
Data Stewards are identified by a Data Trustee to manage a subset of data. The
designated Data Steward is responsible for the accuracy, privacy, and integrity of a
university data subset. All university data must have an identified Steward.
Data Trustees, Stewards and Subsets are:
Data Trustee
Data Stewards Data Subset
President
Director, Budget & Analysis University Budget Data
Institutional Research Data
VP for Academic Affairs/Provost
Director, Admissions Undergraduate Admissions Data
Director, Records & Registration Course Schedule Records
Enrollment Records
Academic Permanent Records
Student Data Base Records
Director, Financial Aid Financial Aid Awards Data
Financial Aid Applicant Records
Dean of the Faculties Faculty Promotion and Tenure Data
Faculty Recruitment and Appointment Data
Director, Professional
Development & Public Service Continuing Education Records
VP for Finance and Administration
Controller University Financial Data
Director, Personnel Faculty and Staff Personnel Data
Director, Purchasing University Purchasing Data
Director, Property Records Capital Equipment/Property Data
Director, Physical Plant Building Construction/Maintenance Data
Director, Telecommunications Telecommunications Data
Director, Business Services Parking/Business Operations Data
Director, Administrative Information Systems IS Security Data
VP for Student Affairs
Director, University Health Center Student medical records
Director, University Housing Student housing records
Director, Counseling Center Student counseling records
VP for University Relations
President, Foundation Gift Management Data
Director, Alumni Affairs Alumni records
Dir., Seminole Booster's Seminole Booster Gift/Point Data
6. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 6/13
VP for Research
Director, Contracts & Grants Accounting Data
C&G Payroll Data
Data Steward Responsibilities:
Data Stewards evaluate and approve requests for access to their data subset by other
university users and outside agencies. This function may be delegated to Application
Security Managers appointed by the Data Steward.
Data Stewards determine the degree of data access (interactive query only, interactive
update, downloading of specific data) to be granted to users and assuring compliance
with access security standards as developed in support of this policy.
Data Stewards define or describe each data element within their data subset. The
creation of data element definitions must be coordinated with the AIS Data Administrator
and the applications development manager responsible for providing applications systems
support.
Data Stewards must understand the content of their data base and how its elements
functionally or logically interrelate. Stewards will maintain, document, and communicate
data definitions (dictionary) to users granted access to their departmental data subset.
Stewards provide guidance and assistance in appropriate interpretation of their data.
Data Custodian
The Data Custodian administers information resource in accordance with established
policies and procedures, but does NOT dictate usage of university data, nor determine
individual access rights to elements, records, or files contained within the data base;
however, custodians will assist in the mediation and resolution of disputes regarding data
policies/procedures.
The Data Custodian may delegate specific custodial responsibility to the following
persons:
Database Administrator
The Database Administrator (DBA) has custodial responsibility for all data
contained within their respective data base management system. The AIS DBA is
responsible for data contained within the university centralized data base
management system and related data which exists in production. DBA's also assist
in the mediation and resolution of data disputes.
Security Administrator
The Security Administrator enforces and executes established standards,
procedures, and guidelines necessary to ensure security of information resources
containing or processing university data.
Computer Operations
Computer Operators have custodial responsibility for implementing, monitoring,
and coordinating procedures necessary to control the transfer of data and
scheduling of production activities by valid users.
Information Systems Development
Information Systems developers are responsible for implementing, monitoring, and
coordinating procedures for accessing all test data files used in the development of
administrative applications.
Resolution of Data Disputes
At the present time, University data resides in a variety of independent functional files.
These files are, to varying degrees, interconnected; however, AIS has not yet
implemented a centralized relational data base environment. As a result, it is possible
that a data element could exist in more than one data category. In this case, a data
element could be claimed by or considered to have more than one Data Trustee.
7. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 7/13
It is anticipated that on occasion it may be necessary to resolve data control or access
issues when the affected Data Stewards do not agree as to how the data should be
used. If this occurs, the Data Custodian represented by the AIS Data Administrator shall
convene a meeting of the appropriate Data Stewards and/or Trustees to resolve the
dispute.
AIS is formulating plans that call for data migration to relational data base technology.
The advantage of a centrally managed relational data base is improved data integration,
which reduces data redundancy and permits more effective and efficient management
reporting and analysis.
Sensitive Data
Sensitive information is confidential by law and requires protection from unauthorized
access by virtue of its legal exemption from the Public Records Act. Much of the data
collected and managed at FSU is sensitive or confidential. AIS security procedures ensure
that computer files, whether on-line or batch, are accessed only by authorized personnel
as required in the performance of their duties.
In the case of computer generated reports or other hard-copy documents that contain
sensitive data, users must develop procedures to provide an auditable chain of custody.
Computer data or documents classified as sensitive are:
All student related data and records EXCEPT:
Name
Date of birth
Major field of study
Permanent address
Telephone listing
Classification
Participating in official university activities and sports
Weight and height of members of athletic teams
Dates of attendance at the university
Degrees, honors and awards received
The most previous educational institution attended
Employee Evaluations
Information security management/data access control documentation and records
Printouts containing sensitive data that identifies a student or employee must be
delivered/picked-up in person by a departmental representative. Such materials are not
sent via campus mail. All employees handling sensitive data must read and sign a
statement regarding the privacy issues of sensitive data.
Extreme care must be exercised in the disposition of printed materials containing sensitive
data. Sensitive data must not be released to persons not affiliated with FSU. In areas
where large volumes of such data is managed, paper shredding is the most appropriate
method of disposal.
Critical Data
The SUS defines critical information as the data that is critical to the mission and function
of the university, the loss of which would have an unacceptable impact. The four data
applications determined by the SUS to be critical are:
Personnel, payroll, and budget records,
Student records,
Financial Aid records, and
Finance and accounting records
8. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 8/13
Risk Management
Risks to critical and sensitive administrative information resources must be managed. Such
risks may relate to the physical security of computer and communications systems, the
integrity of data maintained or transmitted within those systems, as well as to the
stability and reliability of the associated application. Absolute security which assures
protection against all potential threats is unachievable; therefore, a means of weighing
possible loses which could occur, against the cost of mitigating controls, is required. This
weighing of potential risks verses control costs involves use of a systematic risk analysis
methodology for evaluating vulnerabilities and threats to information resources. Risk
analysis is the basis for risk management; i.e., assumption of risks and potential losses,
or selection and implementation of cost effective controls and safe guards to reduce risks
to an acceptable level.
The SUS Board of Regents provides an approved risk analysis program and methodology
for accomplishing the assessment of risk to university administrative information
resources.
Risk Analysis
The University Information Security Manager (ISM) periodically performs a risk analysis of
all critical and sensitive central university systems and data. Data custodians who operate
and maintain other administrative information resources (i.e., not resident at NWRDC or
within the data custodial control of AIS), which process critical or sensitive information,
must periodically perform the risk analysis for those information resources. Risk Analysis
and security measures apply to administrative systems developed and/or maintained by
university departments, as well as those acquired from or maintained by an outside
vendors.
Documentation
The security risk to University data is also related to the stability and reliability of the
associated administrative systems and applications, which in turn, is related to the quality
and accessibility of the technical documentation of those systems and applications. The
level of detail required within such documentation is a function of the size, complexity and
criticality of the system/application. System/application documentation should be viewed
as "work in progress" and evolutionary, and thus must be constantly revised and updated
through out the life cycle of the system/application. In keeping with paperwork reduction
objectives, and to facilitate documentation currency, it is desirable that administrative
system/application documentation, to the maximum degree possible, be maintained on-
line. Although no specific format can address all cases, documentation of critical and
sensitive administrative systems and applications should, as a minimum, include:
Business case/analysis, or process description,
System description/design/architecture,
Data/database design and dictionary,
Programming logic/programmer notes, and
Operational procedures/help
Backup and Recovery
It is prudent to prepare for potential loss of critical information resources and processing
capabilities. Plans to recover from such losses may range from routine backing up of data
and software, to comprehensive disaster recovery and business resumption exercises.
NWRDC, in conjunction with AIS provides for data and software back-up and recovery of
critical central university administrative systems which reside at NWRDC. The data
custodian of critical data which does not reside at the NWRDC is responsible for providing
appropriate back-up and recovery for the associated information resources.
In either case, the security control of back-up resources/data must be equivalent to the
9. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 9/13
controls required of the primary resources/data.
Incident Reporting
Analysis of trends and types of security incidents and breaches is important to the
integrity of University data management and computer security. All security incidents and
breaches must be reported to data custodians for investigation and analysis.
Information System Development and Acquisition
Adding security controls after a system is operational is normally more expensive and less
effective than when security requirements are considered in the initial system design. As
such, systems development/acquisition decisions must include consideration of security
requirements during each phase of the development/acquisition process.
Online Data Access and Security Guidelines
Specific Federal, State and university regulations, guidelines, policies and procedures
govern the access and distribution of student, employee and other institutional data.
Such data may not be released to any outside individual or organization without the
explicit knowledge and approval of the University Data Administrator. As mandated by the
Board of Regents (BOR), the University Data Administrator is the custodian of all official
university data.
Online Availability
Florida State University's On-line Administrative Systems (CICS and SAMAS) are generally
available between 8:00 a.m. and 6:00 a.m. seven days per week.
(NOTE: Every effort will be made to keep on-line files available, however, nightly batch
processing and file updating MUST take precedence. Files taken down for batch processing will
be brought up for on-line access when batch processing has been completed.)
Authorized Access
Employees are authorized access to university data only to fulfill their job responsibilities.
The Federal Privacy Act prohibits releasing information about any student to unauthorized
persons without the written consent of that student.
Board of Regents and university regulations prohibit release of any university data to
unauthorized persons without proper approval.
(NOTE: If you have access to institutional data, you are prohibited from divulging such data to
anyone unless they are also authorized to use it. You should exercise extreme caution in
releasing data to any individual or organization.)
User IDs and Passwords
Each employee must have a unique user ID. For central university administrative systems
user IDs are assigned by AIS. Each user also chooses their own system and application
passwords. Passwords can be 4 to 7 alpha-numeric characters and must be kept
confidential and protected at all times.
(NOTE: Initial passwords are the same as the user ID. The system will force a new password
entry the first time a user signs on.)
User IDs and passwords cannot be shared or reused, and passwords must be changed
every 90 days or the system will force such a change.
Users should sign-off of their terminal when leaving it unattended for an extended period
10. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 10/13
of time.
When an employee transfers from one department to another, they carry their User ID
with them. However, their "old" DSC should request the AIS Security Manager to
deactivate their old file access and their "new" DSC should request the AIS Security
Manager to activate their new file access. AIS will update the employee's security records
to reflect a change in departments and DSCs.
When an employee leaves the university, their user-id will be deactivated but maintained
in the security system for historical and audit purposes. User-ids can not be reused by
another employee.
(NOTE: Please refer to the University Data Management and Security System Procedures
Manual for specific instructions on employee transfers, terminations, or application access
changes.)
Departmental Security Coordinator
Each department or major organizational unit must have a designated Departmental
Security Coordinator (DSC). The function of the DSC is to communicate and coordinate
access to administrative systems for employees in their department as follows:
To request new user-ids or authorization for departmental employees to access On-line
Administrative Systems files, the DSC should complete and sign the Request for On-line
user-id and Administrative System Access form and mail to AIS.
Authorized file access can be granted only by the appropriate Application Security
Manager (ASM). Each ASM will contact the DSC to discuss specific access and update
authority to be granted users.
(NOTE: Please refer to University Data Management and Security System Procedures Manual
for instructions on how to obtain user- ids and gain access to administrative applications.)
Departmental Security Coordinator Responsibilities
Departmental Security Coordinators are responsible for:
Teaching new employees the basics of terminal usage--signing on, changing
passwords, locating keys. etc.
Instructing new employees regarding data access, security and confidentiality and
having them review the University Data Access and Security Business Manual.
Impressing upon all users, new and existing, the necessity for preserving
confidentiality of university data.
Ensuring users periodically change their passwords. Especially, should they suspect
someone else knows it.
Encouraging users to sign-off their terminal anytime they leave it unattended.
Maintaining current records of their department's terminal users via the AIS Access
Form.
Application Security Manager Responsibilities
The Application Security Manager (ASM) is responsible for:
Developing and documenting specific criteria to be used in determining access levels
and update authority.
Collecting appropriate data from the user to determine the access level and update
authority to be granted.
Granting access to university data to departmental users by updating the AIS
Security System to explicitly grant update, or view only access.
Monitoring a comprehensive list of users and their individual access privileges
provided by AIS.
11. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 11/13
AIS Responsibilities
AIS is responsible for:
Ensuring compliance with all Federal, State and University regulations regarding
security of computer files.
Approving and establishing user-ids, which define the user to the AIS Security
System and forwarding the Access Form to the appropriate ASM(s).
Providing monthly, each DSC a current list of all user-ids in their department
identifying the files each users can access and/or update.
Online Administrative Information Systems
Access to the university's online administrative systems is accomplished by logging on to
the Northwest Regional Data Center (NWRDC) and CICS. All administrative applications
have been converted to the FSU CICS region (selection '1' on the NWRDC main menu).
Other access which specific users may require includes:
SAMAS (the State Automated Management Accounting System);
TSO (where applications such as computer based training, FOCUS, and SAS reside).
Following is a short description of many of the specific applications which may be accessed
via the on-line administrative system master menu (FSMM). (A complete list of these may
also be found by pressing the HELP key [PF1] on the AIS FSMM screen.)
Student Academic
This set of applications provides access to such student-oriented files as the
Student Data Base, Admissions File, Stop File, Electronic Transcript Transfer,
University Catalog, Course Schedule File, Enrollment File, Withdrawal, Academic
Permanent Records and Test Scores.
Student Affairs
Contains applications supporting the Housing Office, University Health and
Counseling Centers (both highly restricted) and the Orientation Office.
Student Financial
Provides access to the University Cashiering System. The Cashiering System is the
central collection point for departmental deposits, student fees, student loans and
other financial functions.
Financial Aid
Provides information related to a student's application for financial aid and
subsequent data collection, processing, packaging and aid awards.
Personnel/Payroll
Provides information related to university employees, class codes, applicants and
payroll processing.
Auxiliary Systems
Provides access to various applications such as the Seminole ACCESS Crossover
File, listings of Departmental Representatives, and on-line Telecommunications
applications.
Finance & Accounting
(Currently being developed)
Addresses
Contains various addresses such as local, permanent, university PO-box and
emergency contact for current and former students.
University Support
Provides information related to support applications such as the Production
Calendar, Security, Project Management System (ProMIS) and DataShare.
Batch Job Security
Authority to execute batch jobs at the NWRDC is granted to FSU employees who have a
demonstrable need for such authority. Each person who is authorized to execute batch
12. 10/23/13 Data Management and Computer SecurityBusiness Manual / Mainframe (NWRDC) Support Services / - Computing / Information TechnologyServices / F…
its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 12/13
jobs to access FSU data sets is required to have a personal account number (logon-ID)
assigned by the AIS Security Manager. Logon-IDs are organized into various Security
Groups and defined to the ACF/2 security system at NWRDC. Requests for authority to
submit batch jobs should be submitted to the AIS Security Manager for approval and the
assignment of the logon-ID, security group and access privileges.
Data Access and Accountability
Datashare System Access
The DataShare system gives authorized users access to a wide range of student data
which can be downloaded to departmental microcomputers for use in local (non-AIS
supported) data bases. Users of this system must submit a DataShare request form to
the University Registrar, and read the Registrar's Guidelines for Confidentiality and
Release of Student Records.
Access to sensitive student data downloaded via the DataShare system is restricted to
personnel requiring the data to perform their duties at the university. DataShare data
must be used solely for the legitimate business of the university.
Individual users are responsible for storing data under secure conditions, making every
reasonable effort to ensure data privacy, and not divulging user-ids or passwords.
Centrally-managed university files are the official data of the university and downloaded
files represent only a snapshot of this data at a given point in time. Users of DataShare
files agree not to circumvent nor delay the normal updating of centrally-managed
university files. Furthermore, individual users of DataShare files agree to periodic audits of
their local downloaded data by appropriate Application Security Managers or the AIS
Security Manager.
User Accountability
The individual faculty and staff, regardless of the means of accessing the data, is the
critical link in ensuring the integrity and security of University data. Ultimately, only the
user can prevent unauthorized access and ensure responsible use of University data.
Administrative and judicial penalties may be imposed for illegal or unauthorized
modification, destruction, disclosure or use of University data.
Unauthorized access may relate to any of the following:
Hard copy reports issued by various administrative offices.
Interactive terminal access to the NWRDC.
Data downloaded and accessed from a college/departmental computer.
Data downloaded and accessed from a user's individual personal computer.
Microcomputers
Magnetic Media
Magnetic media, including diskettes, fixed disks, and tapes are subject to corruption. The
information on these media are recorded by the application of magnetic fields, and are
subject to disruption by other magnetic influences. These media must be kept in a place
that will diminish the possibility of magnetic interference.
Deliberately Destructive Software (Viruses)
The usage of externally acquired diskettes or the downloading of files from remote sites is
accompanied by the real possibility of permitting viruses to be introduced to your system.
These viruses are potentially destructive to your system and are likely to destroy your