The University of Memphis
Security and Protection of Electronic Information Resources
The University of Memphis (U of M) has established and maintains an array of information technology resources (e.g. software and systems, networks, servers, pc’s, printers and other devices) collectively known as the University of Memphis “IT Commons.” This IT Commons exists to serve the needs of the faculty, staff, and students at the U of M. The U of M communication networks are a critical component of the IT Commons.
Access to U of M technology resources is a privilege, not a guarantee, and may be revoked at any time for violation of acceptable use (see policy UM1535.)
The University requires that all equipment that attaches to the U of M network meets certain minimum standards to assure the operational integrity and security of the U of M IT Commons. Any equipment, including virtual devices, that fails to meet minimum required standards for operational integrity and security are subject to removal from the network unless an exception is granted by the CIO.
Each member of the campus community is responsible for the security and protection of electronic information resources over which he or she has control or use. Resources to be protected include networks, computers, software, and data. The physical and logical integrity of these resources must be protected against threats such as unauthorized intrusions, malicious misuse, or inadvertent compromise. Activities outsourced to off-campus entities must comply with the same security requirements as in-house activities.
|Detection and Prevention|
Information Technology Services (ITS) is responsible for operating and managing campus communications networks as a campus resource available to all members of the campus community. ITS is authorized to monitor network activity and usage as necessary to detect potential network abuse or threats to the availability or integrity of campus information resources. Upon detecting a security breach, ITS, in consultation with the Office of Legal Counsel, shall exercise due diligence in the timely investigation of suspected security incidents and promptly communicate with Local Support Providers (LSPs) and other campus users regarding actions that may be required to protect campus information resources.
To prevent security breaches, LSPs have an ongoing responsibility:
|Response to Threats to the IT Commons|
|IT State of Emergency|
In the event of an actual attack on the network, or a credible warning of an impending attack, the university's CIO will mobilize all available resources, including LSPs, to counter the attack and/or threat, or to recover from an attack. The CIO will determine if an attack/threat rises to the level of a "state of emergency." During a declared IT State of Emergency, ITS will provide leadership and supervision for all ITS and LSP personnel until the attack/threat has been eliminated and the network has been restored to normal operations.
Once an IT State of Emergency is declared, and for its duration, the CIO will review the situation with the President and executive staff, and provide regular, periodic briefings on status.
After an IT State of Emergency ceases, the CIO will prepare an impact report for the President and executive staff.
|Local Support Provider Responsibilities During a Declared IT State of Emergency|
For the duration of any declared IT State of Emergency, all LSPs will report operationally to the CIO. These actions are critical to ensure the University's IT Commons is protected and restored as quickly as possible to normal operations.
ITS will assign campus IT staff resources (LSPs as well as ITS Staff) to priorities of greatest need. In all cases, ITS will task LSP staff to respond to the needs of their home department/units as quickly as possible.
|What are examples of threats serious enough to invoke a Declaration of an IT State of Emergency?|
|University of Memphis Acceptable Use of Information Technology Resources|
|Tennessee Board of Regents Policy on Information Technology|
|University of Memphis Crisis Management Planning|
UM1566 - Revised: May 09, 2014|
UM1566 - Issued: January 25, 2008
|Academic||Finance||General||Human Resources||Information Technology||Student Affairs|
| || || || |