2011 Campus Memo:Understanding Information Security at Carolina

Memo from Larry Conrad of ITS regarding policies enacted campus wide. Contains links to policy documents and additional information.


TO:		All Computer Users
FROM:		Larry Conrad, Vice Chancellor for Information Technology and CIO
DATE:		August 1, 2011
SUBJECT:	Understanding Information Security at Carolina

There are more than 30,000 attempted hacks each day on the University's
computer network.  Laptop computers, smart phones, and other mobile
devices are occasionally lost or stolen.  Information Technology
Services devotes significant resources to network security efforts, but
each person who accesses the University network is also responsible for
taking appropriate steps to safeguard the network and University
sensitive information maintained on the network.

Recently, Information Technology Services enacted policies designed to
inform the campus community about its responsibilities for protecting
the University's computer networks and sensitive information.  Beginning
September 15, 2011, all computer users are required to certify annually
that they have read the Information Security Policies Summary
(http://help.unc.edu/CCM3_020433) and that they understand and agree to
abide by the information security policies that are applicable to them.

In addition, all users with access to the University's Protected Health
Information or Personally Identifiable Information (e.g., Social
Security numbers, credit/debit card information) are required to affirm
that they will not store this information on mobile devices without both
(i) obtaining prior authorization from their dean or the head of their
business unit, and (ii) encrypting the data.  This affirmation will
occur as part of the Onyen password reset process.

Please take time before September 15 to read the Information Security
Policies Summary and make sure you understand your role in keeping the
University's computer resources and sensitive information secure.

The Information Security Policies are located at:
http://its.unc.edu/ITS/about_its/its_policies/index.htm.  Additionally,
an Information Security Training and Awareness module is available at
https://itsapps.unc.edu/ITSSelfStudy/.  Information regarding mobile
device encryption is available at http://help.unc.edu/CCM3_021069.

I understand this is an additional commitment for your already-busy
schedule, but it is imperative that everyone takes the time to review,
understand, and comply with the policies.  Information security is a
shared responsibility for the entire campus community. With your help,
we can better protect the University's computer network and sensitive
information from potential compromise.

Please contact Stan Waddell (stan_waddell@unc.edu), Information Security
Officer, or me (larry_conrad@unc.edu) if you have any questions about
these policies or the certification process.  You can also reach us at

Thank you for your help in making the University's computer network more

cc:	Bruce Carney		Holden Thorp		Stan Waddell

This email is sponsored by: Information Technology Services