Hero Image

INTRANET SECURITY

The Southern Adventist University network is divided into security zones to maintain separation among internal university networks and the Internet. The Intranet zone, comprising computers and servers containing confidential and proprietary data, is subject to stricter rules. This policy defines these rules and augments the existing university policies for computers and users.
User Responsibility
  1. Users should not share their passwords with anyone. No one, including Information System employees, has authorization to ask for a password. Users are required to change their password once a year.  It's advisable to memorize passwords or use a password manager in order to avoid the need to write them down.
  2. If workstations are left unattended, users should lock their machine. For longer periods, users should log out of all administrative software and log out of their account on the machine.
  3. Intranet servers are to be used primarily for university data and not personal files. Users will be required to provide an explanation for excessive use of Intranet storage space.
  4. Users should report to Information Technology any suspected security violations, security problems, or suspicious behavior as it relates to computer security.
Security Audit
Information Technology staff will annually audit security on the Intranet zone. This audit will include network scanning of all workstations, review of server configurations, reevaluation of firewall rules, testing of backup and recovery procedures, and review of this policy as outlined below.

Policy evaluation and review

This policy will be reviewed annually to ensure that it is relevant, serves the needs and priorities of the institution, and is consistent with current trends in information technology. The following process will be followed:

  1. Information Technology Networking Staff reviews this policy before the May meeting of the Information Technology Advisory Committee. Additional input will be solicited from members of this committee.
  2. The executive director of Information Technology compiles possible changes for discussion at the summer I/T advisery committee meeting.
  3. The I/T advisery committee votes policy editions.