Data Management and Computer Security Business Manual

its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual (10/23/13)

May 08, 2015

Krunal Solanki

1. Section 282.318, Florida Statutes

2. Chancellor's Memorandum, CM-87-001.1

3. Purpose

4. Policy

5. Scope

6. Definitions

7. Ownership, Data Management, and Accountability

8. Delegation of Responsibility

9. Data Management

Data Trustee

Data Steward

Data Custodian

Database Administrator

Security Administrator

Computer Operations

10. Information Systems Development

11. Resolution of Data Disputes

12. Sensitive Data

13. Critical Data

14. Risk Management

15. Risk Analysis

16. Documentation

17. Backup and Recovery

18. Incident Reporting

19. Information System Development and Acquisition

20. Online Data Access and Security Guidelines

21. Online Availability

22. Authorized Access

23. User IDs and Passwords

24. Departmental Security Coordinator

25. Departmental Security Coordinator Responsibilities


26. Application Security Manager Responsibilities

27. AIS Responsibilities

28. Online Administrative Information Systems

29. Batch Job Security

30. Data Access and Accountability

31. Microcomputers

References:

1. Section 282.318, Florida Statutes

This statute created the Security of Information Technology Resources Act to assure an adequate level of security for all governmental data and information technology resources. The Board of Regents is the agency responsible for assuring security for data and information technology resources within the SUS.

2. Chancellor's Memorandum, CM-87-001.1

This Memorandum establishes minimum standards for assuring an adequate level of security within State Universities. In addition, the State University System has published a Standard Practice for Security of Data and Information Technology Resources.

Purpose

In compliance with requirements of the above directives and guidelines, contained herein are the internal policies and procedures necessary to assure the security of administrative data and information technology resources at Florida State University.

These data policies and procedures not only comply with state and SUS directives, they are necessary because of the value the university places on its information resources. While the university seeks to make available in a convenient electronic format all university administrative data necessary for the efficient operation of its departments, standards and procedures are necessary to ensure the security and integrity of the information, and to prevent its misuse.

Policy

The Florida State University grants routine access to administrative systems and data only to those University and direct support organization employees who must use the specific information in the conduct of university business. Individuals who are given access to sensitive data have a position of special trust and as such are responsible for ensuring the security and integrity of that data. A student may be authorized access to their own data, or work-related data when the student is also an employee of the university. Individuals outside the university can be authorized access to university data only if that authorization is granted by an Executive Officer of the University.

Policies contained in this Business Manual provide the foundation upon which standards and procedures for protection of university information resources are developed. Implementation and adherence to precise standards and procedures for electronic information processing operations is necessary to protect university administrative information.

Scope

These policies and guidelines govern the management and accessibility of central university administrative data regardless of the environment where the data resides. This includes the central mainframe, departmental mini-computers, individual personal computers, and data as it resides in any other media (print, microfiche, etc.).

Access and update capabilities/restrictions apply to all administrative data stored in the Northwest Regional Data Center computer and on mini- and microcomputers across campus.

Information resources used for instruction and research purposes (Academic Computing) are exempt from the requirements of the SUS standard practice and the policies and procedures contained herein; however, colleges, schools and departments are responsible for establishing policies and procedures for assuring the physical and electronic security of all information technology resources within their control. Such policies and procedures will assure:

Reasonable and accurate equipment inventory control procedures and records are maintained
Government owned information technology resources are used only for university administrative, instruction or research purposes
Security measures are taken to prevent unauthorized system access
Preventative measures are taken to reduce the risk of computer virus infections
Only authorized software is used. University policy strictly forbids software piracy and possession or use of illegally acquired software.

Definitions

Terms and phrases used in this policy are defined as follows:

Access Capability
Authority granted to an individual which allows viewing or manipulation of data residing in a computer system file. Access capability is managed through assignments of a user id and password.

Administrative Data
Any data related to the administration of Florida State University. This includes data used by both the central administration and the administrative units of the colleges, schools and departments.

Administrative Systems and Applications
Any computer system/application programming which supports administrative activities of the university. This includes systems or applications supporting both the central administration and the administrative units of the various colleges, schools and departments.

Application Security Manager
The individual designated by a data steward to coordinate the granting of access/update capabilities to departmental users.

AIS Security Administrator
The individual in AIS responsible for coordinating usage of the AIS Security System.

AIS Data Administrator
The individual in AIS responsible for the coordination of the data administration function.

Critical Information Resource
Information resources determined by University management to be essential to the University's critical mission and function, the loss of which would have an unacceptable impact.

Data Custodian
The individual or department responsible for maintaining physical data, monitoring, enforcing, and coordinating institutional data access policies and procedures. AIS is the data custodian for central university data maintained at the NWRDC.

Database Manager
The individual in AIS responsible for logical and physical data base design services.

Data Steward
Central administrative office or academic department responsible for a specific subset of university data.

Data Trustee
The individual responsible for the data in the system, e.g., the President, a Vice President, or division director.

Departmental Security Coordinator
The individual in an academic or administrative unit responsible for coordinating the creation, monitoring, and deactivation of user ids with AIS and Application Security Managers.

Directory Information
Basic information on an individual, such as name, address, and phone number, as printed in the university telephone directory. Employees and students may request that directory information not be released to the public.

Information Resources
Data, automated applications, and information technology resources.

Public Information
Information that is available or distributed to the general public either regularly or upon request.

Restricted Information, moderately sensitive/highly sensitive
Information intended for use only by individuals who require that information in the course of performing their university responsibilities, or information protected by federal and state regulations. Requests for access to this information must be authorized by the applicable Data Steward.

University Data Administrator
The university Budget Officer serves as the university Data Administrator and is responsible for coordinating the release of university data to external individuals, businesses or agencies, and university responses to official data requests.

University Information Security Manager (ISM)
The individual designated to administer the University's information resource security program in accordance with Florida Statutes and SUS/BOR directives, and the University's internal and external point of contact for information security matters.

Update Capability
Access capability which allows an individual to alter, add or delete data in a computer system file.

User ID
Character string which identifies an individual to a computer system, enabling access and/or update capabilities.

Ownership, Data Management, and Accountability

Florida State University retains the exclusive right and use of all computer assets, including data. In this context, FSU is considered the legal owner of all university data.

Delegation of Responsibility

Sound business practices hold the owner of computer assets responsible for their control. The President of FSU delegates Data Trustee responsibility to specific university administrative officers.

The structure for university data accountability shall be as follows:

Data Trustee
Data Steward
Data Custodian
Application Security Manager
Departmental Security Coordinator
AIS Security Coordinator
AIS Database Manager
User

Data Management

Data Trustee

The Florida State University executive structure correlates directly with the major categories of university data, thus the following are Data Trustees for their respective area of responsibility:

President
Vice President for Academic Affairs and Provost
Vice President for Finance and Administration
Vice President for Student Affairs
Vice President for University Relations
Vice President for Research

Data Steward

Data Stewards are identified by a Data Trustee to manage a subset of data. The designated Data Steward is responsible for the accuracy, privacy, and integrity of a university data subset. All university data must have an identified Steward.

Data Trustees, Stewards and Subsets are:

Data Trustee
    Data Stewards Data Subset

President
    Director, Budget & Analysis University Budget Data
        Institutional Research Data

VP for Academic Affairs/Provost
    Director, Admissions Undergraduate Admissions Data
    Director, Records & Registration Course Schedule Records
        Enrollment Records
        Academic Permanent Records
        Student Data Base Records
    Director, Financial Aid Financial Aid Awards Data
        Financial Aid Applicant Records
    Dean of the Faculties Faculty Promotion and Tenure Data
        Faculty Recruitment and Appointment Data
    Director, Professional Development & Public Service Continuing Education Records

VP for Finance and Administration
    Controller University Financial Data
    Director, Personnel Faculty and Staff Personnel Data
    Director, Purchasing University Purchasing Data
    Director, Property Records Capital Equipment/Property Data
    Director, Physical Plant Building Construction/Maintenance Data
    Director, Telecommunications Telecommunications Data
    Director, Business Services Parking/Business Operations Data
    Director, Administrative Information Systems IS Security Data

VP for Student Affairs
    Director, University Health Center Student medical records
    Director, University Housing Student housing records
    Director, Counseling Center Student counseling records

VP for University Relations
    President, Foundation Gift Management Data
    Director, Alumni Affairs Alumni records
    Dir., Seminole Booster's Seminole Booster Gift/Point Data

VP for Research
    Director, Contracts & Grants Accounting Data
        C&G Payroll Data

Data Steward Responsibilities:

Data Stewards evaluate and approve requests for access to their data subset by other university users and outside agencies. This function may be delegated to Application Security Managers appointed by the Data Steward.

Data Stewards determine the degree of data access (interactive query only, interactive update, downloading of specific data) to be granted to users and assure compliance with access security standards as developed in support of this policy.

Data Stewards define or describe each data element within their data subset. The creation of data element definitions must be coordinated with the AIS Data Administrator and the applications development manager responsible for providing applications systems support.

Data Stewards must understand the content of their data base and how its elements functionally or logically interrelate. Stewards will maintain, document, and communicate data definitions (dictionary) to users granted access to their departmental data subset. Stewards provide guidance and assistance in appropriate interpretation of their data.

Data Custodian

The Data Custodian administers information resources in accordance with established policies and procedures, but does NOT dictate usage of university data, nor determine individual access rights to elements, records, or files contained within the data base; however, custodians will assist in the mediation and resolution of disputes regarding data policies/procedures.

The Data Custodian may delegate specific custodial responsibility to the following persons:

Database Administrator
The Database Administrator (DBA) has custodial responsibility for all data contained within their respective data base management system. The AIS DBA is responsible for data contained within the university centralized data base management system and related data which exists in production. DBAs also assist in the mediation and resolution of data disputes.

Security Administrator
The Security Administrator enforces and executes established standards, procedures, and guidelines necessary to ensure security of information resources containing or processing university data.

Computer Operations
Computer Operators have custodial responsibility for implementing, monitoring, and coordinating procedures necessary to control the transfer of data and scheduling of production activities by valid users.

Information Systems Development

Information Systems developers are responsible for implementing, monitoring, and coordinating procedures for accessing all test data files used in the development of administrative applications.

Resolution of Data Disputes

At the present time, University data resides in a variety of independent functional files. These files are, to varying degrees, interconnected; however, AIS has not yet implemented a centralized relational data base environment. As a result, it is possible that a data element could exist in more than one data category. In this case, a data element could be claimed by or considered to have more than one Data Trustee.

It is anticipated that on occasion it may be necessary to resolve data control or access issues when the affected Data Stewards do not agree as to how the data should be used. If this occurs, the Data Custodian represented by the AIS Data Administrator shall convene a meeting of the appropriate Data Stewards and/or Trustees to resolve the dispute.

AIS is formulating plans that call for data migration to relational data base technology. The advantage of a centrally managed relational data base is improved data integration, which reduces data redundancy and permits more effective and efficient management reporting and analysis.

Sensitive Data

Sensitive information is confidential by law and requires protection from unauthorized access by virtue of its legal exemption from the Public Records Act. Much of the data collected and managed at FSU is sensitive or confidential. AIS security procedures ensure that computer files, whether on-line or batch, are accessed only by authorized personnel as required in the performance of their duties.

In the case of computer generated reports or other hard-copy documents that contain sensitive data, users must develop procedures to provide an auditable chain of custody.

Computer data or documents classified as sensitive are:

All student related data and records EXCEPT:
    Name
    Date of birth
    Major field of study
    Permanent address
    Telephone listing
    Classification
    Participating in official university activities and sports
    Weight and height of members of athletic teams
    Dates of attendance at the university
    Degrees, honors and awards received
    The most previous educational institution attended
Employee Evaluations
Information security management/data access control documentation and records

Printouts containing sensitive data that identifies a student or employee must be delivered/picked-up in person by a departmental representative. Such materials are not sent via campus mail. All employees handling sensitive data must read and sign a statement regarding the privacy issues of sensitive data.

Extreme care must be exercised in the disposition of printed materials containing sensitive data. Sensitive data must not be released to persons not affiliated with FSU. In areas where large volumes of such data are managed, paper shredding is the most appropriate method of disposal.

Critical Data

The SUS defines critical information as the data that is critical to the mission and function of the university, the loss of which would have an unacceptable impact. The four data applications determined by the SUS to be critical are:

Personnel, payroll, and budget records,
Student records,
Financial Aid records, and
Finance and accounting records

Risk Management

Risks to critical and sensitive administrative information resources must be managed. Such risks may relate to the physical security of computer and communications systems, the integrity of data maintained or transmitted within those systems, as well as to the stability and reliability of the associated application. Absolute security which assures protection against all potential threats is unachievable; therefore, a means of weighing possible losses which could occur, against the cost of mitigating controls, is required. This weighing of potential risks versus control costs involves use of a systematic risk analysis methodology for evaluating vulnerabilities and threats to information resources. Risk analysis is the basis for risk management; i.e., assumption of risks and potential losses, or selection and implementation of cost-effective controls and safeguards to reduce risks to an acceptable level.

The SUS Board of Regents provides an approved risk analysis program and methodology for accomplishing the assessment of risk to university administrative information resources.

Risk Analysis

The University Information Security Manager (ISM) periodically performs a risk analysis of all critical and sensitive central university systems and data. Data custodians who operate and maintain other administrative information resources (i.e., not resident at NWRDC or within the data custodial control of AIS), which process critical or sensitive information, must periodically perform the risk analysis for those information resources. Risk Analysis and security measures apply to administrative systems developed and/or maintained by university departments, as well as those acquired from or maintained by outside vendors.

Documentation

The security risk to University data is also related to the stability and reliability of the associated administrative systems and applications, which in turn, is related to the quality and accessibility of the technical documentation of those systems and applications. The level of detail required within such documentation is a function of the size, complexity and criticality of the system/application. System/application documentation should be viewed as "work in progress" and evolutionary, and thus must be constantly revised and updated throughout the life cycle of the system/application. In keeping with paperwork reduction objectives, and to facilitate documentation currency, it is desirable that administrative system/application documentation, to the maximum degree possible, be maintained on-line. Although no specific format can address all cases, documentation of critical and sensitive administrative systems and applications should, as a minimum, include:

Business case/analysis, or process description,
System description/design/architecture,
Data/database design and dictionary,
Programming logic/programmer notes, and
Operational procedures/help

Backup and Recovery

It is prudent to prepare for potential loss of critical information resources and processing capabilities. Plans to recover from such losses may range from routine backing up of data and software, to comprehensive disaster recovery and business resumption exercises.

NWRDC, in conjunction with AIS, provides for data and software back-up and recovery of critical central university administrative systems which reside at NWRDC. The data custodian of critical data which does not reside at the NWRDC is responsible for providing appropriate back-up and recovery for the associated information resources.

In either case, the security control of back-up resources/data must be equivalent to the controls required of the primary resources/data.

Incident Reporting

Analysis of trends and types of security incidents and breaches is important to the integrity of University data management and computer security. All security incidents and breaches must be reported to data custodians for investigation and analysis.

Information System Development and Acquisition

Adding security controls after a system is operational is normally more expensive and less effective than when security requirements are considered in the initial system design. As such, systems development/acquisition decisions must include consideration of security requirements during each phase of the development/acquisition process.

Online Data Access and Security Guidelines

Specific Federal, State and university regulations, guidelines, policies and procedures govern the access and distribution of student, employee and other institutional data. Such data may not be released to any outside individual or organization without the explicit knowledge and approval of the University Data Administrator. As mandated by the Board of Regents (BOR), the University Data Administrator is the custodian of all official university data.

Online Availability

Florida State University's On-line Administrative Systems (CICS and SAMAS) are generally available between 8:00 a.m. and 6:00 a.m. seven days per week.

(NOTE: Every effort will be made to keep on-line files available; however, nightly batch processing and file updating MUST take precedence. Files taken down for batch processing will be brought up for on-line access when batch processing has been completed.)

Authorized Access

Employees are authorized access to university data only to fulfill their job responsibilities.

The Federal Privacy Act prohibits releasing information about any student to unauthorized persons without the written consent of that student.

Board of Regents and university regulations prohibit release of any university data to unauthorized persons without proper approval.

(NOTE: If you have access to institutional data, you are prohibited from divulging such data to anyone unless they are also authorized to use it. You should exercise extreme caution in releasing data to any individual or organization.)

User IDs and PasswordsEach employee must have a unique user ID. For central university administrative systems

user IDs are assigned by AIS. Each user also chooses their own system and application

passwords. Passwords can be 4 to 7 alpha-numeric characters and must be kept

confidential and protected at all times.

(NOTE: Initial passwords are the same as the user ID. The system will force a new password

entry the first time a user signs on.)

User IDs and passwords cannot be shared or reused, and passwords must be changed

every 90 days or the system will force such a change.

Users should sign-off of their terminal when leaving it unattended for an extended period

Page 10: Data management and computer security business manual   mainframe (nwrdc) support services   - computing _ information technology services _ fsu - information technology services

10/23/13 Data Management and Computer Security Business Manual / Mainframe (NWRDC) Support Services / - Computing / Information Technology Services / F…

its.fsu.edu/Computing/Mainframe-NWRDC-Support-Services/Data-Management-and-Computer-Security-Business-Manual#6 10/13

of time.

When an employee transfers from one department to another, they carry their User ID

with them. However, their "old" DSC should request the AIS Security Manager to

deactivate their old file access and their "new" DSC should request the AIS Security

Manager to activate their new file access. AIS will update the employee's security records

to reflect a change in departments and DSCs.

When an employee leaves the university, their user-id will be deactivated but maintained

in the security system for historical and audit purposes. User-ids cannot be reused by

another employee.

(NOTE: Please refer to the University Data Management and Security System Procedures

Manual for specific instructions on employee transfers, terminations, or application access

changes.)

Departmental Security Coordinator

Each department or major organizational unit must have a designated Departmental

Security Coordinator (DSC). The function of the DSC is to communicate and coordinate

access to administrative systems for employees in their department as follows:

To request new user-ids or authorization for departmental employees to access On-line

Administrative Systems files, the DSC should complete and sign the Request for On-line

user-id and Administrative System Access form and mail to AIS.

Authorized file access can be granted only by the appropriate Application Security

Manager (ASM). Each ASM will contact the DSC to discuss specific access and update

authority to be granted users.

(NOTE: Please refer to University Data Management and Security System Procedures Manual

for instructions on how to obtain user-ids and gain access to administrative applications.)

Departmental Security Coordinator Responsibilities

Departmental Security Coordinators are responsible for:

Teaching new employees the basics of terminal usage--signing on, changing

passwords, locating keys, etc.

Instructing new employees regarding data access, security and confidentiality and having them review the University Data Access and Security Business Manual.

Impressing upon all users, new and existing, the necessity for preserving confidentiality of university data.

Ensuring users periodically change their passwords, especially should they suspect

someone else knows it.

Encouraging users to sign off their terminal anytime they leave it unattended.

Maintaining current records of their department's terminal users via the AIS Access Form.

Application Security Manager Responsibilities

The Application Security Manager (ASM) is responsible for:

Developing and documenting specific criteria to be used in determining access levels and update authority.

Collecting appropriate data from the user to determine the access level and update authority to be granted.

Granting access to university data to departmental users by updating the AIS

Security System to explicitly grant update or view-only access.

Monitoring a comprehensive list of users and their individual access privileges provided by AIS.

AIS Responsibilities

AIS is responsible for:

Ensuring compliance with all Federal, State and University regulations regarding security of computer files.

Approving and establishing user-ids, which define the user to the AIS Security

System and forwarding the Access Form to the appropriate ASM(s).

Providing each DSC, monthly, a current list of all user-ids in their department identifying the files each user can access and/or update.

Online Administrative Information Systems

Access to the university's online administrative systems is accomplished by logging on to

the Northwest Regional Data Center (NWRDC) and CICS. All administrative applications

have been converted to the FSU CICS region (selection '1' on the NWRDC main menu).

Other access which specific users may require includes:

SAMAS (the State Automated Management Accounting System);

TSO (where applications such as computer based training, FOCUS, and SAS reside).

Following is a short description of many of the specific applications which may be accessed

via the on-line administrative system master menu (FSMM). (A complete list of these may

also be found by pressing the HELP key [PF1] on the AIS FSMM screen.)

Student Academic

This set of applications provides access to such student-oriented files as the Student Data Base, Admissions File, Stop File, Electronic Transcript Transfer,

University Catalog, Course Schedule File, Enrollment File, Withdrawal, Academic Permanent Records and Test Scores.

Student Affairs

Contains applications supporting the Housing Office, University Health and Counseling Centers (both highly restricted) and the Orientation Office.

Student Financial

Provides access to the University Cashiering System. The Cashiering System is the central collection point for departmental deposits, student fees, student loans and other financial functions.

Financial Aid

Provides information related to a student's application for financial aid and subsequent data collection, processing, packaging and aid awards.

Personnel/Payroll

Provides information related to university employees, class codes, applicants and payroll processing.

Auxiliary Systems

Provides access to various applications such as the Seminole ACCESS Crossover

File, listings of Departmental Representatives, and on-line Telecommunications applications.

Finance & Accounting

(Currently being developed)

Addresses

Contains various addresses such as local, permanent, university PO-box and

emergency contact for current and former students.

University Support

Provides information related to support applications such as the Production Calendar, Security, Project Management System (ProMIS) and DataShare.

Batch Job Security

Authority to execute batch jobs at the NWRDC is granted to FSU employees who have a

demonstrable need for such authority. Each person who is authorized to execute batch

jobs to access FSU data sets is required to have a personal account number (logon-ID)

assigned by the AIS Security Manager. Logon-IDs are organized into various Security

Groups and defined to the ACF/2 security system at NWRDC. Requests for authority to

submit batch jobs should be submitted to the AIS Security Manager for approval and the

assignment of the logon-ID, security group and access privileges.

Data Access and Accountability

DataShare System Access

The DataShare system gives authorized users access to a wide range of student data

which can be downloaded to departmental microcomputers for use in local (non-AIS

supported) data bases. Users of this system must submit a DataShare request form to

the University Registrar, and read the Registrar's Guidelines for Confidentiality and

Release of Student Records.

Access to sensitive student data downloaded via the DataShare system is restricted to

personnel requiring the data to perform their duties at the university. DataShare data

must be used solely for the legitimate business of the university.

Individual users are responsible for storing data under secure conditions, making every

reasonable effort to ensure data privacy, and not divulging user-ids or passwords.

Centrally-managed university files are the official data of the university and downloaded

files represent only a snapshot of this data at a given point in time. Users of DataShare

files agree not to circumvent nor delay the normal updating of centrally-managed

university files. Furthermore, individual users of DataShare files agree to periodic audits of

their local downloaded data by appropriate Application Security Managers or the AIS

Security Manager.

User Accountability

The individual faculty or staff member, regardless of the means of accessing the data, is the

critical link in ensuring the integrity and security of University data. Ultimately, only the

user can prevent unauthorized access and ensure responsible use of University data.

Administrative and judicial penalties may be imposed for illegal or unauthorized

modification, destruction, disclosure or use of University data.

Unauthorized access may relate to any of the following:

Hard copy reports issued by various administrative offices.

Interactive terminal access to the NWRDC.

Data downloaded and accessed from a college/departmental computer.

Data downloaded and accessed from a user's individual personal computer.

Microcomputers

Magnetic Media

Magnetic media, including diskettes, fixed disks, and tapes are subject to corruption. The

information on these media is recorded by the application of magnetic fields, and is

subject to disruption by other magnetic influences. These media must be kept in a place

that will diminish the possibility of magnetic interference.

Deliberately Destructive Software (Viruses)

The usage of externally acquired diskettes or the downloading of files from remote sites is

accompanied by the real possibility of permitting viruses to be introduced to your system.

These viruses are potentially destructive to your system and are likely to destroy your

files on any media with which they are used. It is not uncommon that all information on a

sizable fixed disk is corrupted by the introduction of a virus from an external source. This

possibility is even greater where several users are utilizing the same system. The

potential damage of such a destructive invasion is increased in the use of local area

networks (LANs). It is the responsibility of each user to use due caution to prevent the

invasion of viruses into their systems, and the possible further destruction of additional

systems by sharing foreign information with other users. Thus, installation and use of

anti-virus software on all microcomputers is highly recommended.

AIS maintains a site license for a PC anti-virus program. This program is available from

Administrative User Services (AUS) (644-1760).

Should preventative measures fail, contact AUS Helpdesk (644-8502) for assistance.

Backup

Because PC based magnetic media are subject to corruption it is advisable that all

information and programs stored on them be retained in at least two different places. A

second copy of all information stored on diskettes should be made and kept in a safe

location. Information stored on a fixed or hard disk should be copied onto diskettes or

magnetic tape for backup purposes. The size of the files of information will likely greatly

influence the media used for backup.

Programs that are utilized by the user should be copied and stored safely when the

program is first acquired. Data that is entered into the computer should be stored in two

different places to prevent the loss of information should the primary copy be corrupted or

lost. Besides the possibility of magnetic interference, there is a possibility that a disk drive

can fail and ruin the magnetic media that it is using at that time.

Users should frequently store/save information when data is being entered into the

computer. Again there is a possibility that a component of the computer or electrical

power could fail. Immediately after the completion of entering large volumes of

information, that information should be copied to a back-up media for safe keeping.

Software Piracy

Almost all purchased or leased software is acquired with a usage license. Much software

is acquired with only a single user license, though some may have multiple user licenses.

It is the responsibility of the administrative officer who authorizes the acquisition to ensure

that the license is not violated. The user has the ultimate responsibility to adhere to the

conditions of the license, but accountability must be ensured by supervision and

management.

AIS and university policy strictly forbid software piracy. AIS will not provide assistance to

university departments that knowingly violate copyright laws.

© Information Technology Services, Florida State University, C6100 University Center, Tallahassee, FL 32306-2620 | 850/644-4357
