The new USNH System Access Control Policy takes effect May 1, 2009. The revised version of the policy calls for specific requirements that will increase protection of information technology resources, information, and the privacy of USNH persons and clients. This additional protection is necessary to address evolving threats from malicious activity, software, social engineering, and other unauthorized exposure of restricted data. Exposure to these threats result in difficulties for persons whose account or information was compromised, as well as financial, legal, and public relations burdens for organizations where exposure occurred.
While the policy requires steps to protect information of others, it also protects individual privacy. Each component of the policy has a purpose. For example, periodic password changes and the use of strong passwords help protect computer accounts from deliberate hacker attacks.
Another example is the use of E-mail as a method to distribute Social Security Numbers (SSNs) which is risky, at best. Eliminating this process or encrypting E-mails with SSNs helps protect them from being accidentally exposed to the wrong person, or having a message with SSNs sent from your E-mail to your contacts following an infection by a malicious program. While the requirements of the policy may feel burdensome in some cases, they are based on best practices that have value not only at work, but also while using your home computer.
Please check cis.unh.edu/itsecurity for updates about this policy. Please contact firstname.lastname@example.org with questions about the System Access Policy, or if you would like to schedule an information session.