Information Security & Compliance
Our university prides itself on the free exchange of knowledge and ideas, which means some information created or maintained by at ESU can and should be shared with the public. However, some information assets need to be protected from unauthorized modification, destruction, or disclosure. Regulations, laws, privacy rights and a sense of due diligence all play important roles in information security and compliance. Information security covers physical security (locking information and servers away), awareness of risks and threats, and electronic security such as anti-virus programs and encryption of files. Compliance covers following industry standards and university, Kansas Board of Regents, local, state, and federal laws or regulations. Pairing security and compliance together help to strengthen the Information Security Program at Emporia State University.
Information Security Compliance
Emporia State University's Peer to Peer File Sharing Statement
Emporia State University’s security policies are in place not only to help protect ESU’s information, but to set standards on acceptable computing using ESU’s Internet access. ESU’s Digital Millennium Copyright Act (DMCA) policy states:
“..users of Internet services and equipment and equipment provided by ESU are responsible for their compliance with all copyright laws pertaining to information they place on or retrieve from the Internet.”
There are a variety of ways to participate in security awareness. Employees have access to online courses in Blackboard, or attending face to face sessions scheduled annually and on request. Students have options to learn more during Cyber Security Awareness Month activities held in October. The ESU community has access to Information Security Threat status updates and announcements. An example of one important security awareness topic is below.
Phishing scams are becoming increasingly sophisticated and harder to detect. Protect yourself! Read more about phishing and what you need to do to protect your private information. View this tutorial to learn more.
Information Security Policy Development
Official policies relating to technology information and technology security are now contained within the Emporia State University Policy Manual. Although all faculty, staff and students are required to follow the Information Security policies located in the manual, below are specific policies students should be aware of:
- Information Technology Usage Policy
- Password Policy
- Network Controls
- Controls Against Malicious Software
- Digital Millennium Copyright Act
University policies relating to Information Technology are located in Chapter 3 of the Policy Manual.
University Antivirus Management
Emporia State University utilizes the Symantec Anti-Virus solution to protect university owned computers. In addition, students, staff, and faculty have the option to utilize Symantec Anti-Virus on their personal computers and laptops for FREE. For more information, go to the "IT For You" section of our IT Website.
Incident Response (CSIRT)
An Information Security (IS) incident is something that has happened to compromise the information of students, faculty, and/or staff, as well as ESU business information. An IS incident could be:
- Your ESU owned computer or laptop is missing
- Your ESU network account is being used when you are not using it
- Someone else's UserID is showing on your logon screen
- You notice unsafe information protection practices.
When IS incidents happen, serious threats and consequences can occur. ESU faculty and staff are responsible for reporting suspected or known security incidents, including any observed or suspected security weaknesses in ESU systems or services. (Read the IS Incident Reporting procedures. At times, the Computer Security Incident Response Team (CSIRT) are required to be called together to handle incidents. Members of the CSIRT include employees from various administrative and technical teams at Emporia State University.