Antivirus
Software Policy
This policy requires you to maintain antivirus software on your university-owned
computer and any personal computer that you utilize to initiate a remote
connection to Georgia State’s network (when you dial up from home to
connect to systems or applications available on the university network).
Hundreds of virus and Trojan Horse infections that were discovered on
systems located in various departments on campus (or brought in from
home to connect to the network) over the last 9 months could have been
prevented if the user had installed and maintained Norton Antivirus
software.
(http://www.gsu.edu/%7Ewwwist/antivirussoftware.htm)
Internet Services
Registration Policy
This policy requires you to register any systems providing services
(mail, ftp, web, etc.) to others, commonly known as operating a server
versus a workstation. For example, if you install Internet Information
Services on your Windows 2000 workstation, you are now operating a
server that must be registered and properly secured, due to the fact
that your system will provide services to others over the network
and/or internet. A major category of critical security incidents that
have occurred on campus have been serving devices that were not properly
secured prior to connection to the network. Once compromised, these
“hacked” systems attacked government, corporate and individual systems
over the internet and resulted in the disruption of services to departments
on campus that were affected. (http://www.gsu.edu/%7Ewwwist/internetservices.htm)
Sensitive Information
Protection Policy
This policy is intended to protect sensitive information that is stored
on university systems, such as FERPA, HIPAA, personal data of employees
and students, financial data, etc. As systems containing these types
of data are successfully compromised by intruders, the potential for
exposure and use for nefarious purposes becomes a major issue. Therefore,
it is critical to properly secure any systems that you maintain where
sensitive data is accessed, processed, or stored. If you manage a
server that contains sensitive data, the preferred solution is to
house that system within the UCCS Institutional Operations Center,
so that it can be properly secured and protected from harm. (http://www.gsu.edu/%7Ewwwist/sensitiveinformation.htm)
Procedures will
be forthcoming that will advise you how to register serving devices.
In the meantime, please ensure that Norton Antivirus is installed
on your university systems and that you are properly securing sensitive
data stored on any systems that you manage.