5.23 Security
Background
SCSU has been a leader in introducing information technology to support the delivery of instruction and the delivery of service to the campus. With the use of such technology comes the need for security. Security as it relates to information technology is a multi-faceted issue. Physical security is associated with locked doors to server rooms, controlled access to electronic classrooms, physically protecting desktop and laptop computers from theft, protecting sensitive equipment in labs and large projection screens from damage or vandalism, and restricting access to network infrastructure. Data access security identifies who owns certain data sets, who can access or use the data for legitimate business reasons, and the procedures and statutes that regulate the use of the data. The concept of authentication is associated with security. Authentication speaks to how an individual is identified so that the individual may gain access to appropriate resources. It speaks to who can get an account, how the account is maintained, how the password is constructed, and when it must be changed. Students, faculty, and staff are faced with using two possible identifiers to attempt authentication at SCSU: the SCSU ID and the HuskyNet ID. This can be confusing and can appear to be unnecessarily complicated. Security within applications such as ISRS, WebCT, HuskyNet, and other third-party environments must be monitored for effectiveness, weaknesses must be reported, and version updates must be applied to ensure security and access control to critical applications. Proper and timely backup of critical data files, anti-virus and anti-hacking initiatives, formal and written policies and procedures, and enforcement of such policies are additional security issues.
There is also a need for a clear and consistent incident reporting process in response to technology-related complaints of activity originating from or otherwise involving SCSU technology resources.
The MnSCU Chancellor's Office currently has an Information Security Office, supported by a high-level Information Security Steering Committee, which is coordinating a multi-year effort to develop a strong and clear security program for the central office and the campuses of the system. The MnSCU Office of Internal Auditing has also taken a heightened interest in security issues associated with information technology. SCSU, as a system campus, will be expected to be in step with these system-wide security measures, and SCSU will have additional issues as a large and complex university.
Goals
Over the next five years, SCSU will review its security policies, procedures, guidelines, and training to ensure that the appropriate level of information technology security is in place and functioning at the appropriate level. This will include
Specific Actions and Timeline
A security committee, including technologists from LR&TS and CIS-AdC, will be formed and charged with dealing with the high-level security issues identified in this plan, and with developing detailed action items and acting on them. The committee will be expected to facilitate broad campus involvement, awareness, and training.
Resources
Significant human resources will be required to understand current security issues, to upgrade the security environment where needed, and to bring the entire campus to a higher level of understanding and appreciation. The amount and type of resources to reach the appropriate security level for this university will be defined through a formal risk assessment initiative, which will better determine the current state of information technology security at SCSU.
Evaluation
Revised: May 2003