Memo from Larry Conrad of ITS regarding policies enacted campus wide. Contains links to policy documents and additional information.
M E M O R A N D U M TO: All Computer Users FROM: Larry Conrad, Vice Chancellor for Information Technology and CIO DATE: August 1, 2011 SUBJECT: Understanding Information Security at Carolina There are more than 30,000 attempted hacks each day on the University's computer network. Laptop computers, smart phones, and other mobile devices are occasionally lost or stolen. Information Technology Services devotes significant resources to network security efforts, but each person who accesses the University network is also responsible for taking appropriate steps to safeguard the network and University sensitive information maintained on the network. Recently, Information Technology Services enacted policies designed to inform the campus community about its responsibilities for protecting the University's computer networks and sensitive information. Beginning September 15, 2011, all computer users are required to certify annually that they have read the Information Security Policies Summary (http://help.unc.edu/CCM3_020433) and that they understand and agree to abide by the information security policies that are applicable to them. In addition, all users with access to the University's Protected Health Information or Personally Identifiable Information (e.g., Social Security numbers, credit/debit card information) are required to affirm that they will not store this information on mobile devices without both (i) obtaining prior authorization from their dean or the head of their business unit, and (ii) encrypting the data. This affirmation will occur as part of the Onyen password reset process. Please take time before September 15 to read the Information Security Policies Summary and make sure you understand your role in keeping the University's computer resources and sensitive information secure. The Information Security Policies are located at: http://its.unc.edu/ITS/about_its/its_policies/index.htm. Additionally, an Information Security Training and Awareness module is available at https://itsapps.unc.edu/ITSSelfStudy/. Information regarding mobile device encryption is available at http://help.unc.edu/CCM3_021069. I understand this is an additional commitment for your already-busy schedule, but it is imperative that everyone takes the time to review, understand, and comply with the policies. Information security is a shared responsibility for the entire campus community. With your help, we can better protect the University's computer network and sensitive information from potential compromise. Please contact Stan Waddell (email@example.com), Information Security Officer, or me (firstname.lastname@example.org) if you have any questions about these policies or the certification process. You can also reach us at 962-3444. Thank you for your help in making the University's computer network more secure. cc: Bruce Carney Holden Thorp Stan Waddell This email is sponsored by: Information Technology Services