Security Notices:
“Phishing” Scam (7/1/2005) – Like fishing, these increasingly sophisticated
scams try to “hook” you so that the scammers can “reel in”
your personal/private information. Read more about "Phishing".
Security Guidelines:
Electronic Mail and Electronic Communications Guidelines
A guide for users of the College Electronic Communications Infrastructure
SUMMARY of Electronic Mail and Electronic Communications Guidelines
A summary of the guide for users of the College Electronic Communications Infrastructure
Privacy of Student, Faculty, Staff, and Alumni Nonpublic Information
Standards for Safeguarding Customer Information (The Gramm-Leach-Bliley Act) - A guide for College Employees
The College of DuPage Higher Education Opportunity Act (HEOA) Compliance Plan for Combating Unauthorized Distribution of Copyrighted Materials
The Higher Education Opportunity Act (HEOA) was signed into law on August
14, 2008. Final regulations were issued on October 29, 2009. Enforcement
of the HEOA provisions formally begins July 1, 2010, and all colleges
and universities are required to make a good-faith effort at compliance.
PCI Incident Response Plan:
The purpose of the Payment Card Industry (PCI) Incident Response Plan
(“The Plan”) is to provide a well-defined, organized approach
for handling any potential unauthorized access/breach of personal information,
specifically credit card information from the supporting credit card payment
system(s) here at College of DuPage (C.O.D.). The Plan identifies and
describes the roles and responsibilities of the Incident Response Team.
The Plan also contains instruction on how the team is to prepare and how
The Plan is to be maintained. Also included in The Plan is the contact
information for every team member and other important personnel here at
the college. The Incident Response Team, under the coordination of the
Chief Security Officer, IT, is responsible for putting the plan into action.
Copies of the PCI Incident Response Plan are CONFIDENTIAL. Copies can
be obtained by college staff, with the need to know, by contacting Keith
Conlee, conlee@cod.edu, x3055.
College-Wide Sensitive Data Incident Response Plan:
The purpose of the College-Wide Sensitive Data Incident Response Plan
(“The Plan”) is to provide a well-defined, organized approach
for handling any potential unauthorized access/breach of sensitive data
here at College of DuPage (C.O.D.). The Plan identifies and describes
the roles and responsibilities of the Incident Response Team. The Plan
also contains instruction on how the team is to prepare and how The Plan
is to be maintained. Also included in The Plan is the contact information
for every team member and other important personnel here at the college.
The College-Wide Sensitive Data Incident Response Team, under the coordination
of the Chief Security Officer, IT, is responsible for putting the plan
into action. Copies of the College-Wide Sensitive Data Incident Response
Plan are CONFIDENTIAL. Copies can be obtained by college staff, with the
need to know, by contacting Keith Conlee, conlee@cod.edu, x3055.
Computer Accounts:
COD MS Outlook Email Distribution Group Assignment Procedure
An MS Outlook email ID is assigned to a default set of email distribution
groups when it is created. After creation your email ID may be assigned
to other existing email distribution groups depending on your job category
and/or job function. If needed, a new email distribution group may be requested.
The email distribution group assignment procedure documents how the college
assigns email IDs to existing email distribution groups, and how to request
the creation or deletion of an email distribution group.
How do I?
Setup SPAM Protection in Exchange?
SPAM Protection Tips for Outlook 2003 Users.
References
For more information about College Guidelines, Federal Regulations, and Industry Standards that the college and college staff must conform to, please refer to the following references. The college must comply with these guidelines, regulations, and standards, or face liabilities including but not limited to fines and lost service capability. The IT Security Management function is responsible for making sure compliance is met, which includes technical compliance, and staff training, awareness, and compliance demonstration.
FERPA (Family Educational Rights and Protection Act): Requires protection of education records
http://www2.ed.gov/policy/gen/reg/ferpa/index.html
PCI DSS (Payment Card Industry Data Security Standard): Requires the protection for all credit card information and transactions.
http://usa.visa.com/merchants/risk_management/cisp_overview.html
GLBA (Gramm-Leach-Bliley Act): Requires protection of financial information
FTC - Summary:
http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
FTC - The Act:
http://www.ftc.gov/os/2002/05/67fr36585.pdf
HIPAA (Health Insurance Portability and Accountability Act): Requires the protection of individually identifiable health information
http://www.hhs.gov/ocr/privacy/
CALEA (Communications Assistance for Law Enforcement Act): Requires electronic communication providers to provide easy access for law enforcement agencies to electronic communications for the purpose of electronic surveillance.
http://www.fcc.gov/calea/
HEOA (Higher Education Opportunity Act): Among other things outside IT, requires the monitoring and stopping of illegal P2P file sharing
http://www2.ed.gov/policy/highered/leg/hea08/index.html