The university has developed an information security program to guide university employees through the appropriate steps in protecting university data. Although the program deals in large part with data maintained electronically, it also provides guidance on dealing with hard copy information.
The goals of the security program are to:
- Protect the university's IT systems and information assets from unauthorized access, alteration, disclosure or destruction.
- Ensure the reliability and availability of the university's IT systems and information assets.
- Ensure the privacy of faculty, staff and student information and that of other university customers or associates.
- Protect the reputation of the university and ensure compliance with federal and state laws and regulations.
- Establish resources and guidelines that allow all individuals within the university community to practice good data stewardship.
At the heart of the program is the Data Classification System. In order to apply security measures in the most appropriate and cost effective manner, data stored electronically must be evaluated and assigned a Data Classification Level (DCL) of 1, 2, 3, or 4. The DCL of the data establishes the extent and type of information security measures that must be implemented.
The Information Security Program also has requirements for access control, asset management, and mandatory reporting of information security incidents and will continue to evolve as threats to the university’s information change and measures for addressing those threats evolve.
University of Missouri Information Security Program: Information Security Program
- IT security begins with you! If you have a weak password, leave your computer unlocked and unattended, store private or confidential data in a non-encrypted or non-protected way, or fail to back up important information, then you are potentially making yourself and the university vulnerable to security breaches and to the loss or compromise of important and sensitive information.
- Social engineering – the hottest scam going; No legitimate organization, including the university or your bank, will never ask you for your account information or password, You should never provide this information to anyone at any time, especially through email. An ever increasing number of scams are created on a daily basis to trick you into providing your password or other account information, such as bank accounts and credit card numbers. Don't fall for it! Contact your IT support person, the IT help desk or your campus Information Security Office if you receive a suspicious email or phone call.
- IT security breaches can put sensitive information at risk. A breach of IT security could be as simple as accidentally sending an email attachment to the wrong person, or as serious as having your laptop stolen in an airport. Regardless of the seriousness, all information security incidents or suspected incidents should be reported.
- Mobile devices, like laptops and USB drives, are convenient ways to capture and store data, but are also particularly vulnerable to security breaches - with consequences as severe as seeing sensitive research data in the newspaper. Encryption is one way to improve the security of these devices. Consult with your IT support person about how to obtain encryption software.
In addition to consulting with your designated IT support person, your campus Information Security Officer (ISO) is always available to help.
For legal assistance, please contact the Office of the General Counsel at http://www.umsystem.edu/ums/gc/