2,654
edits
No edit summary |
mNo edit summary |
||
Line 48: | Line 48: | ||
#Executive Memorandum No. 26, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf University of Nebraska Information Security Plan - Gramm Leach Bliley Compliance] | #Executive Memorandum No. 26, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf University of Nebraska Information Security Plan - Gramm Leach Bliley Compliance] | ||
#Executive Memorandum No. 27, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf HIPAA Compliance Policy] | #Executive Memorandum No. 27, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf HIPAA Compliance Policy] | ||
#Executive Memorandum No. 41, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-research-and-data-security.pdf Policy on Research Data and Security] | |||
#Executive Memorandum No. 42, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-risk-classification-and-minimum-security-standards.pdf Policy on Risk Classification and Minimum Security Standards] | |||
=== Access === | === Access === | ||
Physical and electronic access to proprietary information and computing resources is controlled. The level of control will depend on user need and the level of risk and exposure to loss or compromise. Access will be assigned based upon the information needed to perform assigned duties. On campus electronic access is controlled through user id and password. Off Campus electronic access in some instances requires two-factor authentication. | Physical and electronic access to proprietary information and computing resources is controlled. The level of control will depend on user need and the level of risk and exposure to loss or compromise. Access will be assigned based upon the information needed to perform assigned duties. On campus electronic access is controlled through user id and password. Off Campus electronic access in some instances requires two-factor authentication. | ||
Line 95: | Line 96: | ||
<br /> | <br /> | ||
Information Technology Support Personnel will inactivate or delete IDs/password, as appropriate, of individuals who no longer have a relationship with UNMC. | Information Technology Support Personnel will inactivate or delete IDs/password, as appropriate, of individuals who no longer have a relationship with UNMC. | ||
===Appropriate Use=== | ===Appropriate Use=== | ||
It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality in order to protect the integrity of all data and of the interests of the entity.<br /> | It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality in order to protect the integrity of all data and of the interests of the entity.<br /> | ||
Line 136: | Line 136: | ||
#Other incidents that could undermine confidence and trust in the UNMC’s information technology systems | #Other incidents that could undermine confidence and trust in the UNMC’s information technology systems | ||
ITS or other personnel must take immediate action to mitigate any threats that have the potential to pose a serious risk to campus information system resources. If the threat is deemed serious enough, the system(s) or individual posing the threat will be blocked from network access. Communication with department leadership regarding such action will take place as soon as possible. The block will be removed as soon as the threat has been repaired. (See UNMC ITS Security Procedure: Information Security Incident Reporting and Response) | ITS or other personnel must take immediate action to mitigate any threats that have the potential to pose a serious risk to campus information system resources. If the threat is deemed serious enough, the system(s) or individual posing the threat will be blocked from network access. Communication with department leadership regarding such action will take place as soon as possible. The block will be removed as soon as the threat has been repaired. (See UNMC ITS Security Procedure: Information Security Incident Reporting and Response) | ||
===Copyright=== | ===Copyright=== | ||
UNMC maintains strict compliance with the Digital Millennium Copyright Act of 1998 and applicable amendments. It should be noted that traditionally a user purchases a software “license,” which is a right to use. Many times the licenses can only be loaded on one machine. Violating any software license or copyright is in violation of university policy. | UNMC maintains strict compliance with the Digital Millennium Copyright Act of 1998 and applicable amendments. It should be noted that traditionally a user purchases a software “license,” which is a right to use. Many times the licenses can only be loaded on one machine. Violating any software license or copyright is in violation of university policy. | ||
Line 164: | Line 163: | ||
<br /> | <br /> | ||
For more information, see [https://info.unmc.edu/its-security/policies/procedures/spam-compliants.html ITS Security Procedure: Controlling the Distribution of Non-Solicited Marketing Email]. | For more information, see [https://info.unmc.edu/its-security/policies/procedures/spam-compliants.html ITS Security Procedure: Controlling the Distribution of Non-Solicited Marketing Email]. | ||
===Campus-wide e-mail announcements=== | ===Campus-wide e-mail announcements=== | ||
Sending out mass distribution e-mails containing event and/or general announcement type information is discouraged. If you have an event to publicize or an announcement to deliver to a large group of people, the best way to do this is through UNMC Today, the campus electronic newsletter. Contact Public Relations for additional information.<br /> | Sending out mass distribution e-mails containing event and/or general announcement type information is discouraged. If you have an event to publicize or an announcement to deliver to a large group of people, the best way to do this is through UNMC Today, the campus electronic newsletter. Contact Public Relations for additional information.<br /> | ||
Line 178: | Line 176: | ||
#Develop and implement a formal process for audit log review | #Develop and implement a formal process for audit log review | ||
#Audit reports are confidential and should not be released without the approval of the HIPAA [mailto:debrbishop@nebraskamed.com Privacy Officer] or the Human Resources Employee Relations Manager. | #Audit reports are confidential and should not be released without the approval of the HIPAA [mailto:debrbishop@nebraskamed.com Privacy Officer] or the Human Resources Employee Relations Manager. | ||
====Shared Files==== | ====Shared Files==== | ||
The owner of shared files is responsible to: | The owner of shared files is responsible to: | ||
Line 253: | Line 250: | ||
==Additional information== | ==Additional information== | ||
*[https://info.unmc.edu/its-security/index.html Information Technology Services] | *[https://info.unmc.edu/its-security/index.html Information Technology Services] | ||
*UNMC Policy No. 6036, [[Reproducing_Copyrighted_Materials|Reproduction of Copyrighted Materials]] | *UNMC Policy No. 6036, [[Reproducing_Copyrighted_Materials|Reproduction of Copyrighted Materials]] | ||
*UNMC Policy No. 6045, [[Privacy/Confidentiality|Privacy, Confidentiality and Information Security]] | *UNMC Policy No. 6045, [[Privacy/Confidentiality|Privacy, Confidentiality and Information Security]] | ||
Line 264: | Line 258: | ||
*[https://info.unmc.edu/its-security/policies/procedures/index.html UNMC Information Security Procedures] | *[https://info.unmc.edu/its-security/policies/procedures/index.html UNMC Information Security Procedures] | ||
*[https://www.unmc.edu/academicaffairs/_documents/compliance/Statement_of_Understanding.pdf Statement of Understanding] | *[https://www.unmc.edu/academicaffairs/_documents/compliance/Statement_of_Understanding.pdf Statement of Understanding] | ||
*Executive Memorandum No. 16, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-for-responsible-use-of-university-computers-and-information-systems.pdf Policy for Responsible Use of University Computers and Information Systems] | |||
*Executive Memorandum No. 26, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf University of Nebraska Information Security Plan - Gramm Leach Bliley Compliance] | |||
*Executive Memorandum No. 27, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf HIPAA Compliance Policy] | |||
*Executive Memorandum No. 41, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-research-and-data-security.pdf Policy on Research Data and Security] | |||
*Executive Memorandum No. 42, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-risk-classification-and-minimum-security-standards.pdf Policy on Risk Classification and Minimum Security Standards] | |||
*[http://www.copyright.gov/legislation/dmca.pdf The Digital Millennium Copyright Act of 1998] | *[http://www.copyright.gov/legislation/dmca.pdf The Digital Millennium Copyright Act of 1998] | ||
*[http://www.copyright.gov/ U.S. Copyright Office - General Guidelines About Copyright Law] | *[http://www.copyright.gov/ U.S. Copyright Office - General Guidelines About Copyright Law] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. |