Technology Security Responsibilities for Directors, Deans, and Mid-level Managers
- Limit and manage access and guest privileges for contract and student workers only to those workstations, systems, and information that are required to perform their responsibilities.
- Managers must inform staff that computer/network accounts owned by The College must be used for College related activities only.
- Manage access to other non-College of New Jersey systems to protect them from abuse or compromise.
- Manage access to information and the information itself to ensure that it stays within the scope and requirements of your office function and that it is not shared, transmitted, recorded, or given out in any form to anyone who does not have purview to the information.
- Realize that there are institutional, local, state, and federal laws relating to the proper use and disclosure of the information that is managed and/or processed in your departments.
- Take appropriate and reasonable steps to inhibit attempts from someone to obtain unauthorized copies of information processed in your departments or to gain unauthorized access to workstations or information.
- Take all appropriate steps to ensure that staff who voluntarily terminate their employment with The College return their physical access keys/cards and other College owned items on their last day of work.
- Take all appropriate steps to ensure that staff who are involuntarily dismissed from The College return their access keys/cards. If this is not done, notify all responsible departments to deny access, cancel cards and re-key locks if needed.
- Managers must inform staff not to write passwords or other sensitive information on notepaper and stick them to workstations, place them on walls or keep them in obvious locations in or around the desk.
- Train staff and endeavor to manage the proper logoff of systems and computers by staff at the end of the workday or for breaks to ensure all critical information is not exposed and that computer systems will require a password to regain access to the systems.
- Train staff on the sensitive nature of the information accessed and processed in your departments so that no data, reports, information, etc. are left exposed for anyone to read or pick up. Sensitive information includes but is not limited to social security number, address, phone, birth date, grades, financial and medical information.
- Train staff in the proper use and makeup of passwords they generate.
- Implement proper controls for handling the acquisition, use, change, deletion of data/information within your department.
- Question and challenge unfamiliar individuals who are in secure or sensitive areas of your department or in other departments of which you are aware.
- Managers must inform staff of the importance of storing important work related files/databases on the network (ex: H: or S: drives), and not on their local drive.
- To the best of your ability ensure that staff do not physically or electronically connect any device to their workstation without approval from Information Technology.
Endorsed by the Information Technology Planning Council 11/2006