The University of Memphis
Security and Protection of Electronic Information Resources
The University of Memphis (U of M) has established and maintains an array of information technology resources (e.g. software and systems, networks, servers, pc’s, printers and other devices) collectively known as the University of Memphis “IT Commons.” This IT Commons exists to serve the needs of the faculty, staff, and students at the U of M. The U of M communication networks are a critical component of the IT Commons.
Access to U of M technology resources is a privilege, not a guarantee, and may be revoked at any time for violation of acceptable use (see policy UM1535.)
The University requires that all equipment that attaches to the U of M network meets certain minimum standards to assure the operational integrity and security of the U of M IT Commons.
Each member of the campus community is responsible for the security and protection of electronic information resources over which he or she has control or use. Resources to be protected include networks, computers, software, and data. The physical and logical integrity of these resources must be protected against threats such as unauthorized intrusions, malicious misuse, or inadvertent compromise. Activities outsourced to off-campus entities must comply with the same security requirements as in-house activities.
|Detection and Prevention|
The Information Technology Division (ITD) is responsible for operating and managing campus communications networks as a campus resource available to all members of the campus community. ITD is authorized to monitor network activity and usage as necessary to detect potential network abuse or threats to the availability or integrity of campus information resources. Upon detecting a security breach, ITD, in consultation with the Office of Legal Counsel, shall exercise due diligence in the timely investigation of suspected security incidents and promptly communicate with Local Support Providers (LSPs) and other campus users regarding actions that may be required to protect campus information resources.To prevent security breaches, LSPs have an ongoing responsibility:
|Response to Threats to the IT Commons|
|IT State of Emergency|
In the event of an actual attack on the network, or a credible warning of an impending attack, the university's VP/CIO will mobilize all available resources, including LSPs, to counter the attack and/or threat, or to recover from an attack. The VP/CIO will determine if an attack/threat rises to the level of a "state of emergency." During a declared IT State of Emergency, ITD will provide leadership and supervision for all ITD and LSP personnel until the attack/threat has been eliminated and the network has been restored to normal operations.
Once an IT State of Emergency is declared, and for its duration, the VP/CIO will review the situation with the President and executive staff, and provide regular, periodic briefings on status.
After an IT State of Emergency ceases, the VP/CIO will prepare an impact report for the President and executive staff.
|Local Support Provider Responsibilities During a Declared IT State of Emergency|
For the duration of any declared IT State of Emergency, all LSPs will report operationally to the VP/CIO. These actions are critical to ensure the University's IT Commons is protected and restored as quickly as possible to normal operations.
ITD will assign campus IT staff resources (LSPs as well as ITD Staff) to priorities of greatest need. In all cases, ITD will task LSP staff to respond to the needs of their home department/units as quickly as possible.
|What are examples of threats serious enough to invoke a Declaration of an IT State of Emergency?|
|University of Memphis Acceptable Use of Information Technology Resources||http://policies.memphis.edu/UM1532.htm|
|Tennessee Board of Regents Policy on Information Technology||http://www.tbr.edu/policies/default.aspx?id=4862|
|University of Memphis Crisis Management Planning|
| ||UM1566 - Issued: January 25, 2008|
|Academic||Finance||General||Human Resources||Information Technology||Student Affairs|
| || || || |