Computer Security and Usage Guidelines Data Security and Classification Guidelines Electronic Mail Guidelines, Academic Computing, refers to computer systems that support the research and educational mission of the University., Administrative Computing, refers to computer systems that support the operational functions (e.g., financial, payroll/personnel, library, and student related data such as major, grades, courses, etc.) of the University., Anonymous Connection, is the act of connecting to a remote computer as an unidentified or anonymous user., Approved Users Authorized Users, who have been given explicit access to specific data by the Data Custodian., Audit Trail, is a log(s) of specified access (e.g., when, how, from where and by whom data is accessed). For example, a log of all changes to student grades would be kept to monitor who was accessing such confidential data and what they were doing (e.g., reading, updating, deleting)., Authorized Users, are all students and employees (including student, non-student, faculty, professional, classified, temporary, part-time, and full-time), and contracted consultants of the University of Massachusetts who are required to have access to data to perform their job function, academic assignment, or contractual obligations. Authorized users also include those individuals who are assigned courtesy…, A Bulletin Board/Newsgroup, is a service that enables users to post information for or seek information from others who are interested in a certain topic(s)., Campus or University Computing Infrastructure, refers to the underlying technology (e.g., hardware, cabling, telecommunications and software) required to support the primary University/Campus computing and data communications environments which are usually maintained by computing centers. This does NOT include departmental computing resources (e.g., a department level computing system or network)., Campus Procedures, are statements designed to comply with the requirements of University Guidelines by establishing specific criteria that must be met by University students, staff, consultants, etc., Central Security Specialist, is an individual(s) at each campus and the President's Office who has experience, knowledge and understanding of information systems security practices/requirements and who is responsible for data and computer security planning, oversight, and coordination., Classified Data, refers to University data which has been identified as Operational, Private, Restricted or Confidential., Computer Applications, are sets of computer programs which when run read or modify data, and which can generate output such as reports, bills, checks, etc., Computer Security, refers to the development and implementation of a system of controls which when implemented will REDUCE the PROBABILITY of something negative occurring (e.g., unauthorized file access or modification). Computer Security includes the following categories of control: Administrative (e.g., polices/procedures, personnel, and contingency planning); Hardware; Software (e.g., operating and application…, Computer System(s), refers to the hardware, software and communications equipment used in the processing and storage of electronic data., Confidential Data is University, data whose loss, corruption or unauthorized disclosure would be a violation of federal or state laws/regulations or University contracts., Courtesy Accounts, are accounts on University computer systems which may be provided to individuals who are not University employees, students, or contracted consultants but who have an established relationship with the University and need access. Examples include alumni, business partnerships, individuals from other educational institutions, etc., Data, refers to information regardless of the medium on which it resides (i.e., tape, cartridge, disk, hard drive, etc.), and regardless of its form (e.g. text, graphic, video, voice, etc.)., Data Integrity, refers to the completeness and accuracy of data., Data or Information Security, shall mean the implementation of reasonable safeguards to prevent unauthorized access, theft, removal or misuse of University electronic data (i.e., tape, cartridge, disk, hard drive, etc.)., Data Custodian(s), are the individual(s) responsible for making decisions about the sensitivity and critically of specific University systems and data stored in these systems; determining the classification of data under their control; documenting the use of the specific system(s); and determining which University staff require access to that system and its data. University policy may restrict or dictate the Data…, Degree of Risk or Levels of Risk, refer to the amount of exposure and/or vulnerability associated with a particular entity such as a computer system. Examples of exposure or vulnerability include theft; unauthorized access; unauthorized alternation or destruction of the computer system or the data stored on it; human error; natural disasters, etc., Deleted E-Mail, refers to any e-mail which an e-mail users has specifically deleted/removed from their e-mail mailbox or electronic mail files., Electronic Mail (e-mail), refers to letters, files and messages sent by one computer user or a software agent to a specific user or set of users within the same computer system or over a computer network., Electronic Mail Id, is a unique code which identifies a specific person to an electronic mail system., An Electronic Mail Administrator, is the individual responsible for making decisions about how an electronic mail system(s) should be maintained, determining classes of individuals which may use the electronic mail system, and determining how the mail system and its capabilities will be implemented and secured., An Electronic Mail System, is a computer which has e-mail capabilities on it., Electronic Signature, is the method of ensuring that the purported signer of a document was the actual signer and the document has not been modified since signed., Employees, are all student, non-student (faculty, professional, classified), temporary, part-time, full-time, contracted and consultants who are paid from University funds and require access to electronic data to perform their job function., External E-mail, Users are individuals who communicate with University mail systems from mail systems not controlled or administered by the University (e.g., Internet)., A Filter, is a security method to "hide" e-mail message text from the view of electronic mail maintenance personnel., Idle Time or Time-Out, refers to a capability within computer systems to disconnect an authorized user if that user is logged on and has not communicated with the computer for a specified period of time (i.e., 15 minutes)., Internet, is a network of computers that allows its users to send mail or access data world-wide., Levels of Risk or Degree of Risk, refer to the amount of exposure and/or vulnerability associated with a particular entity such as a computer system. Examples of exposure or vulnerability include theft; unauthorized access; unauthorized alternation or destruction of the computer system or the data stored on it; human error; natural disasters, etc., Licensed Software, is software that has been developed for commercial "sale" or for limited/restricted use. The software developer maintains copyright to the software and sells others the right to use the software for a fee. Note that the developer retains ownership of the software and controls how the software can be used., A Logon or Operator Id, is a unique code that identifies a specific person to the computer system. A Logon or Operator Id may also identify a type of user (i.e., Internet) to the computer system., Mailbox, is the area in the computer in which e-mail users receive electronic mail messages., Message Encryption, is the scrambling of e-mail messages so they are more secure and not easily read by anyone other than the designated recipient who has been given the "key" to unscramble the message., Operational Use Only Data University, data whose loss, corruption or unauthorized disclosure would not necessarily result in any business, financial or legal loss BUT which is made available to Data Custodian approved users only., Packet, refers to a "bundle" of information sent over network. Packets usually include information regarding where the data is being sent, the actual data, and a record indicating the end of the packet., Packet Sniffing, is a technique in which an individual inserts a software program at remote network switches or computers for the purpose of monitoring information sent over the network., A Password, is a confidential, unique code used in conjunction with the logon id to verify that the user trying to access the computer is the person to whom the Logon/Operator ID was assigned., Password Creation Checking, is the process of a computer system comparing a user's password to words in a dictionary; user specific data such as logon id, name, birth date, social security number; and common character sequences such as "123456" or "abcdef"., Private Data, is University data whose disclosure would not result in any business, financial or legal loss BUT involves issues of personal credibility, reputation, or other issues of personal privacy., Protocol, is a set of formats and procedures governing the exchange of information between computer systems., Public Domain Software, is software for which the titles and copyrights have been explicitly relinquished by the author, so that anyone can use it as they please, free of charge., Rebroadcast, is to transmit or make information accessible to individuals not materially involved in the issue that the information relates to (e.g. posting the information to a newsgroup, emailing it to others, or creating a link to the information from a publicly available Web page)., Research Computers, are any University computers which contains data related to faculty/staff/student research. This does not include the accounting data related to the financial functions of a research grant., Restricted Data, is University data whose loss, corruption or unauthorized disclosure would tend to impair the business or research functions of the University, or result in any business, financial, or legal loss., Retention Standards, are requirements which indicate the period of time a type of data or message should be retrievable., Secured Data, refers to data that is available to authorized users who require this access to perform their job function and who have obtained Data Custodian approval for this access., Server, refers to computers that provide resources or information to other computers. There are many types of servers including file servers, terminal servers, and name servers., Shareware, refers to copyrighted software whose license allows the software to be freely copied and shared. The use of Shareware usually requires the payment of a fee after some time period specified in the software's license., Signature Images, refer to the entry of a signature on a computerized document by electronic means., Staff, refers to all non-student (faculty, professional, classified), temporary, part-time, full-time, contracted and consultants who are paid from University funds and require access to electronic data to perform their job function., Students, are all individuals enrolled at the University of Massachusetts and its programs. This includes individuals attending day, continuing education, graduate and/or undergraduate sessions who may be part-time or full-time students. (NOTE: While performing job functions related to student employment with the University, students are considered employees and must therefore abide by employee related…, Student Data, refers to data that is created by University students., Surrogacy, refers to a situation in which an authorized e-mail user has given another authorized e-mail user permission to access certain features of their mail account. The surrogate uses their own mail id to access the other users mail features, they DO NOT use the other users mail id. For example, a Department Head or Director may give their assistant surrogate access to their mailbox so that the…, A Third Party, is any individual, group of individuals, bulletin board, conference or newsgroup either within the University or at any other location world wide who is not originally addressed in the e-mail message., Third Party Data, is any data supplied by and/or maintained for a Third Party., Time-Out, or Idle Time refers to a capability within computer systems to disconnect an authorized user if that user is logged on and has not communicated with the computer for a specified period of time (i.e., 15 minutes)., Trojan Horse, Virus, or Worm, is computer code designed to self-replicate, damage, or otherwise hinder the performance of a computer's memory, file system, or software., Unauthorized User, is any individual accessing data which is other than non-classified to which they have not been given explicit approval by a Data Custodian., Unclassified Data, is University data that does not fall into any of the other data classifications (i.e., Operational, Private, Restricted or Confidential). This data maybe made generally available without specific Data Custodian approval., University Data, is data created, executed or received by an University employee (i.e., full or part time, temporary, professional, classified or faculty) in connection with the transaction of University business. Categories of University data are Financial, General, Medical, Personnel, Student, etc., University E-mail, Users are all individuals who have accounts on electronic mail systems under the control and administration of the University of Massachusetts., University or Campus Computing Infrastructure, refers to the underlying technology (e.g., hardware, cabling, telecommunications and software) required to support the primary University/Campus computing and data communications environments which are usually maintained by computing centers. This does NOT include departmental computing resources (e.g., a department level computing system or network)., University Guidelines, are statements designed to achieve the requirements of University Policies by establishing specific criteria that must be met in Campus Procedures., University Policies, are concise statements of direction and required action issued only by the Board of Trustees., Virus, Worm or Trojan Horse, is computer code designed to self-replicate, damage, or otherwise hinder the performance of a computer's memory, file system, or software., Web Page, refers to a page of information available on the World-Wide web network., World-Wide Web, is a distributed information system that can be accessed to retrieve data in text, video or audio format., Worm, Virus or Trojan Horse, is computer code designed to self-replicate, damage, or otherwise hinder the performance of any computer's memory, file system, or software.
Type: Book page
