By Charlotte Russell,
Director, Administration and Compliance (CITC), Information Security
Faculty and staff who
come into contact with University data (e.g., student records, personnel
information, financial data, etc.) are strongly encouraged to either attend a
classroom-based security awareness course or take the online security course.
Both are offered by the CITC Information Security group. If you handle some type
of protected information, these courses will help you to become more aware of
how important it is to ensure the security of university information.
You can learn more about information security in a number of
Here are a few examples of methods that you can use to help
ensure the protection of data and resources:
Save important files to the network rather than to your hard
passwords and avoid using your UNT passwords on external systems.
Don’t reply to e-mail requesting personal information, even
if the source seems legitimate.
Keep your software up-to-date.
Social security numbers have been replaced by the empl id
and should never be collected or stored on desktops, workstations, or
on web servers.
Credit cards numbers should never be transmitted via
unencrypted means (e.g., e-mail, web forms, etc.). Departments who process
credit card information must be authorized by UNT's Student Accounting and
University Cashiering Services department.
If one of your job functions requires you to handle
sensitive data, ensure that it is transmitted via secure channels only (ex:
ssh, ipsec, ssl, etc.).
Research software and obtain permission from your supervisor
and network manager before you install it. Look for known vulnerabilities by
using websites such as www.secunia.com,
www.securityfocus.com, or even
popular search engines.
When using ssh, remember to disable root logins, use strong
passwords (or even use key authentication instead of passwords), and filter
connections to trusted sources.
If you are creating homegrown web applications, remember to
keep best security practices in mind. Check the
www.owasp.org community for current web
application security standards or contact Central Web Services at
firstname.lastname@example.org for technical assistance.
Remember, if you administer a website, register it at
http://web3.unt.edu/siteregistration. See this recent
article in Benchmarks Online for background information on this
Subscribe to an Information Security RSS Feed from
http://security.unt.edu/news/vulnerabilities The feed icon is located at
the bottom of each of the pages.
Return to top