- Responsibility for information security on a day-to-day basis is every worker’s duty. Specific responsibility for information security is NOT solely vested in the Information Services Department.
- The internal configurations, and related system design for Purdue North Central networked computer systems must be restricted such that users outside Purdue North Central internal network cannot access this information unless given approval by the Manager of Information Services or the Director of Information Services.
- Unauthorized personnel are not permitted in the computer room.
- When the computer room is vacant, the door must be locked.
- Visitors or other third parties who have access to Pearl and/or other work areas containing sensitive information must be controlled by staff members.
- The Manager of Information Services will grant permissions for the creation of user accounts as individuals are hired. The system privileges of all users will be restricted based on the need-to-know.
- Each user-ID must uniquely identify only one user. Shared or group user-ID’s are not permitted.
- All user-ID creation, deletion, and change activity preformed by UNIX specialists must be securely logged.
- All user access privileges must cease when workers terminate.
- User-ID and Password information must be sent in a sealed envelope with no notification of what is in the envelope.
- Passwords must be constructed to meet the following requirements:
- Password must be between 8 and 16 characters long.
- Characters must be from the 7-bit US-ASCII character set; letters from the English alphabet.
- Must have a combination of letters and numbers with at least 1 letter and 1 number (Do NOT use only letters or only numbers).
- Must be a different password than what was previously used (Do NOT reuse previous passwords).
- Must contain a minimum of 4 unique characters.
- Must NOT contain the words password, pnc, purdue, purduenc, panther and any combinations of your username, first name, last name and PUID.
- Do NOT use blank spaces.
- All users must change their password at least once every 120 days.
- The initial passwords issued by a security administrator must be changed in the user’s first on-line session.
- After five unsuccessful attempts to enter a password, the involved user-ID will be suspended.
- All passwords must be promptly changed if they are suspected or known to have been disclosed to unauthorized parties.
- Passwords must not be written down and left in a place where unauthorized persons might discover them.
- Users must never write down or otherwise record a readable password and store it near the access device to which it pertains.
- Regardless of the circumstances, passwords must never be shared or revealed to anyone else besides the authorized user.
- Users are responsible for all activity performed with their personal user ID’s.
- If there has been no activity on a computer, terminal, or workstation for 15 minutes, the system will automatically log-off the user.
- Users must not leave their microcomputer, workstation or terminal unattended with out first logging-out or locking the computer.
- All critical business information and critical software resident on the computer system (Pearl) must be periodically backed-up. These backup processes must be performed daily:
Archive HPUX (includes Edvanta software )
- Backups of essential business information and software must be stored in an access-controlled site that is a sufficient distance away from the originating facility to escape a local disaster.
- Backups of essential business information and software must be maintained for recovery process.
Archive Informix – 7 days
Archive HPUX (includes Edvanta software) – 7 days
Logical Logs – 2 weeks
If you have any questions, concerns, or suggestions, please contact the Help Desk at ext. 5511 or submit a trouble ticket online.