The Importance of IT Security
Due to advances in technology, communication and the university's decentralized nature, it is increasingly difficult to provide this information in a way that ensures its integrity.
To protect University integrity
To protect University assets
Assets are not just physical computing hardware, but include the information stored on computers and networks. Years of critical research data, personal information and sensitive documents can be lost or destroyed without a plan for securing them and a good backup and recovery plan.
How many research grants would be awarded to the university if data were compromised on a routine basis? How many distinguished professors would seek University employment if the computing environment were unreliable? Developing and maintaining effective security measures enables the trust and stability of a great university.
To comply with regulatory requirements and fiduciary responsibility
University leadership has a responsibility to ensure the safety and soundness of its organizations. The protection and management of non-public personal information (NPPI) must comply with a variety of state, federal and university laws. Accurate and reliable reporting according to these laws has an impact on the academic and financial health of the university. Failure to comply with these guidelines can have direct effects on the University’s ability to do business and continue its mission.
To improve efficiency
Good security practices can be a force multiplier. By integrating security tasks into job descriptions; installing and updating anti-virus software on local desktops and servers; backing up important files and storing them in a secure offsite location; ensuring processes and procedures are in place; and educating the user population about its responsibilities, the pitfalls and lost time caused by system compromises can be avoided. Although no system connected to the network is 100% secure, your ability to rapidly recover from a compromise can make the difference in the department’s productivity.
Information technology and computing pervade every aspect of daily life. Collectively, we use technology to teach and learn, to communicate and collaborate, to manage operations and finances, to access and deliver information and services. However, in this age of dynamic technological change, universities are prime targets for compromise. Information security experts acknowledge the importance of policies in helping to mitigate liability, reduce costs, cope with regulations and assure proper audit and control procedures for securing our critical infrastructure and assets. Confidentiality, integrity and availability are the three predominant principles of information protection. Compromising these principles leaves systems in jeopardy.
Expected Standards
Rutgers University’s organizational structure is decentralized and departments are responsible for many administrative operations. Expectations:
- Be responsible and accountable.
- Be good stewards of university assets, revenues, and resources.
- Conduct their work with integrity and high ethical values.
- Exercise sound judgment (Standards for University Operations)
Best Practices
A department security posture and plan should be established and policies created to address security concerns and other IT issues such as:
- Remote access
- Equipment/software removal
- Acceptable software
- File-sharing
- System/file access
- Document and log retention
- Back-up of critical information/systems
- Virus protection
- Competent primary and backup personnel
- Clear and complete job descriptions
- Proper operating procedures
- Training
- Segregation of duties
- Proper design of controls
- Disaster planning and recovery
IT planning should include roles & responsibilities which will support the use of information technology.
Provide staff access to only necessary accounts and non-public personal information (NPPI); discuss roles and responsibilities. Appoint staff to back up these individuals.
Identify a departmental Systems Administrator and/or Unit Computing Specialist to accept responsibility (under your direction) for the care and maintenance of your systems. Discuss your department's security posture, policies, roles and responsibilities. Work through the Security Q & A Project with your technical staff to understand and direct the basics of IT security.