User Security

1.0 Overview

Users must ensure that their computer related habits and procedures are performed in a manner that minimizes risks to the security, confidentiality and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration destruction or other compromise of such information.

2.0 Purpose

This policy is designed to lay out the framework that governs user accounts and training, to ensure that users are acting in a manner that maximizes security.

3.0 Scope

This policy applies to any individual who has a device attached to Clarkson’s computer network and who deals with University owned computer data.

4.0  Policy

Steps must be taken to ensure that user accounts are not used without their owner’s consent and that accounts are not active for any longer than they are required.  The standards governing these areas are found in the Password Policy and the Account Deactivation Policy, respectively.  The creation of usernames is governed by the Naming Convention Policy.

Additionally, it is important that users, especially those users who have access to sensitive data, are aware of security concerns and computing best-practices.  The User Training Policy presents requirements to address this issue.

All requirements given in the above mentioned policies shall be followed at all times.

5.0 Enforcement

Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including a formal written letter of corrective action.

6.0 Revision History

Draft Policy – 19 April 2005 – jfiske

Draft Policy – 5 May 2005 – jfiske

Draft Policy – 10 February 2006 – jfiske

Approved Policy v1.0 – 4 November 2013 – jfiske