OIT Security & Assurance

This Web site contains information primarily for U of M information technology staff.  Students, faculty, and other staff, see Safe Computing.

Mission & Charter

Draft: Securing Private Data, Computers and Other Electronic Devices policy

OIT Security and Assurance has been tasked with reviewing and improving the U's security policy. To make the policies more readable and understandable, we have re-drafted existing guidance to a "Securing Private Data, Computers and Other Electronic Devices" Policy with associated procedures and information pages that we have attempted to keep both readable by the U community, yet complete enough to provide guidance.

The current draft of the policy is version 1.2: 

• Securing Private Data, Computers & Other Electronic Devices Policy (PDF)
• Basic Security for Computers & Other Electronic Devices Procedure (PDF)
• Enhanced Security for Computers & Other Electronic Devices Procedure (PDF)
• More Info web pages (PDF)     

The Policy with Procedures format is dictated by the U Policy framework.  Please send any comments/suggestions to Ken Hanna (k-hann1@umn.edu).  

***

Previous DRAFTS:

• Securing Computers & Other Electronic Devices Policy (PDF)
• Basic Security for Computers & Other Electronic Devices Procedure (PDF)
• Enhanced Security for Computers & Other Electronic Devices Procedure (PDF)
• More Info web pages (PDF)        

***

The content for the above Policy and Procedures drafts came from the existing Acceptable Use of Information Technology Resources Policy where the appendices contain links to the Standards and Guidelines, such as the Securing Private Data Standard.

Recent Phishing Attacks at the University
University of Minnesota e-mail account holders have been targeted with waves of fraudulent e-mails. These messages are not from the University of Minnesota. We will NEVER ask you to provide personal information such as passwords over e-mail. If you receive an unsolicited e-mail or you are unsure of the sender, do not reply, do not click any links contained within it, and do not open any attached files.  Read more.

Spear phishing attacks at the University

Spear phishing attacks can take many different forms, but the one thing they have in common is that they ask for sensitive information such as passwords, birth dates, social security numbers, etc. The most important thing to know is that you should never share personal information over e-mail.  Read more.

Downloading or sharing copyrighted materials
Carol Carrier and Steve Cawley sent a letter that pointed out that illegal downloading or sharing of copyrighted materials on University equipment is unacceptable and may be subject to disciplinary actions. Read more.

Managing Electronic Private Data
September 11, 2006 - OIT sent correspondence to all students, faculty and staff in response to incidents that have occured at the University - and elsewhere around the world. Read Managing Legally Protected Electronic Private Information

Notice of Breaches in Security
The Minnesota legislature amended the Minnesota Government Data Practices Act to provide for disclosure to individuals if there is a breach of security (unauthorized acquisition of private or confidential data).
See: Minnesota Government Data Practices Act, disclosure of breach in security.

Steve Cawley sent a letter to Deans and Department Heads informing them of the amendment to the Minnesota Data Practices Act requiring notification of individuals if there is a breach of security of private or confidential data on individuals.

For Departments Accepting Credit Cards...
Payment Card Industry (PCI) security requirements for merchants (departments that accept credit cards) must be followed. The University Controller's Office & OIT are working with departments to assure compliance. Read more.

CRITICAL SERVER IDENTIFICATION
A "critical" server is important to accomplishing the University/collegiate unit/business unit mission or one which stores legally protected or other important non-public data. For more information on identifying and tracking critical servers, see http://www.umn.edu/oit/security/criticalserv.html
 

Security Meeting
If you are a technical support person, join our monthly computer security meeting held in conjunction with the NetPeople meeting. Mark your calendar for the 2nd Thursday of the month. To subscribe to the comp-sec mailing/discussion list: send an e-mail to listserv@umn.edu with "SUBSCRIBE comp-sec " as the first line of your message 

See Security Presentations .
 

See More Security Highlights

Whether you need policy guidance, access to Enterprise data, or you want to know more about protecting data and systems within your college or department, OIT Assurance & Security and OIT Data Security can help.

Incident Response

• What is an Incident?
• To Report Security Incidents- e-mail abuse@umn.edu
• Copyright
• Harassment
• Notification for Breaches
• Virus/Trojan/Worm/Bots - Removal/Reinstall Steps

Latest Alerts

• CERT
• FrSIRT
• Internet Defence (Phishing)
• SANS
• Security Focus
• Symantec (Virus)

Desktop Support

• Basic Security for:
  • Mac OS X
  • Windows Vista
  • Windows XP/2000
• Encrypting Stored Data
• QuickStart Security Wizards
• Secunia scan & patch
• Securing Private Data
• Safe Computing at U of M
• VPN- Secure Connection Tool
• Windows-Run as User (PDF)

• And more...

   

  ---

Enterprise & Central Systems

• Know Responsibilities
• Identify Data Needs
• Request Access
• Get Help/Assistance

Staff and Faculty -- find this information, and more, on the OIT Data Security Web site.

Policies-Standards, Guidelines, and Laws

Standards:

• Anti-Virus

• Information Technology Support Staffing
• Microsoft Domain Controller
• Network Security & Operational Continuity
• Passwords
• Secure Data Deletion
• Securing Private Data
• Security Patch
• Wireless

Guidelines:

• Mac OS X Desktops

• Windows Vista
• Windows XP/2000 Desktops
• Critical Server Identification
• Information Technology Support
• Physical Security for Critical Servers
• Server Security

Tools

• Antivirus Software
• Assured Delete/Destroy Data
• Encrypting Stored Data
• Firewalls
• Intrusion Detection
• Microsoft Network Filters
• Network Filters (Blocked Ports)
• QuickStart Security Wizards
• Secunia scan & patch
• Secure Clients (SSH)
• SSL (Secure Sockets Layer)
• Vulnerability Testing
• Tools By Operating System

Resources

• Security Presentations
• U of M Technical Listservs
• Frequently Asked Questions
• Other Links
• Resources By Operating System

Report law/policy violations confidentially