IS Security


Introduction

CSM's information resources contain data and systems which are critical to efficient operation of the University. Consequently, a security system has been designed to protect against unauthorized change, disclosure, or destruction of data or programs or other misuse of system resources. This system combines administrative procedures, access controls, and other hardware, software and physical controls to protect CSM systems against damage while minimizing inconvenience to CSM employees who are authorized to use these systems. This procedure describes only those controls which authorized CSM system users must navigate to complete their work.

Application for Administrative System Access

Users who need access to Banner, e~Print or another Banner-related system must follow the procedures described at this link: http://www.is.mines.edu/LINK/Gen_access.asp. Further, they must read and agree to the officially approved policy on access to administrative data found at this link: http://www.is.mines.edu/link/docs/CSMAdminDataAccessPolicyFinal.pdf

Users who deal with medical or student information must be familiar with applicable regulations (e.g. HIPAA, FERPA). IS relies on the Manager or Director of the area to ensure those regulations are followed.

Users and department heads may contact the Director of Information Services (x3155) to clarify which specific resources they need. Requests must be presented to Information Services in room 130 of the Guggenheim Building.

General Computer Usage Policies

In addition to the Administrative Data Access Policy, all applicants for administrative computer system access are required to follow the General Computer Usage Policy promulgated by the Academic Computing and Networking Department. This policy defines the ethical and legal use of CSM computing resources and clarifies the user's responsibility in effecting that use.

Network Access

Access to any of the Windows networks is controlled via usernames. These usernames are separate from either mainframe usernames or major system operator numbers and are associated with a separate password. Usernames (and email addresses) are of the form Firstname.Lastname@is.mines.edu. Passwords may be up to 32 characters long and must be changed every 180 days. Further, passwords must be "strong", meaning that they must:

Workstation Security

Users are responsible for the security of their own workstations; however, IS and Computing and Networking will take appropriate action (including disconnection from the network) if a workstation presents an unacceptable security risk to data or network security.

All workstations on the IS sub-domain must run the current virus scanning software, which is installed upon joining the sub-domain. Updates are automatic and cannot be disabled by the individual workstation user. Personal web or other servers, dial-in modems, etc. must be set up and approved by IS. In some cases individual workstation firewall software may be required for this approval. Users who desire to offer services off-campus (e.g. a web server) must request an exception in the campus firewall to allow access to their machines. See the campus firewall pages at http://www.mines.edu/academic/computer/security/firewall/. Users are always discouraged and in some cases prevented from installing software on CSM-owned workstations. This includes screen-savers, multimedia applications, etc. Software required for CSM work must be purchased by the department but will be installed by IS.

Unattended workstations are vulnerable to local data destruction, access, or change. The best prevention is to provide good physical security for the device itself. Everyone is encouraged to question unfamiliar people using or attempting to use a workstation. All workstations on the IS sub-domain lock after a period of 15 minutes of inactivity and must be unlocked with the user's password.

Mainframe connection is only supported via secure protocols such as ssh, ssl, and sftp. Off-campus connection to the mainframe is only on an as-needed immediate basis or via the campus VPN. Contact IS for help if you need off-campus access to mainframe systems. The mainframe system enforces timed log-off of inactive sessions, but users should not leave their workstations unattended with an open session.

Account Termination

Accounts of users who terminate employment with CSM will be disabled on the effective date of termination or as soon as IS is informed. Data belonging to the user (including the user's entire mailbox) will be archived to a CD and the user's accounts deleted. Archived data will be returned to the user's department head. Email may be forwarded to the supervisor for a period of time after termination.


Information Services
130 Guggenheim Building
1500 Illinois St.
Golden, CO 80401
Last Modified: June 16, 2005
©2008 Colorado School of Mines