Relevant MUSC Policies
MUSC Computer Use Policy http://www.musc.edu/infoservices/cup.html
MUSC Information Security Policies http://www.musc.edu/security/policy/
MUSC Information Security Standards http://www.musc.edu/security/standards/
MUSC Incident Response http://www.musc.edu/security/policy/incident-response.shtml
MUSC Computer Use Policy, Part D
- All MUSC faculty, staff and students share in the responsibility for protecting MUSC's information systems against threats to availability, integrity and confidentiality. The owners, administrators, and users of all MUSC systems, and all MUSC data, are required to understand and meet their assigned security responsibilities, as defined in this policy, and all other applicable University policies.
- The users of all systems must maintain adequate passwords on their accounts. Passwords to individual user accounts must be kept in strictest confidence, and may not be shared with others. System administrators should never ask users to reveal their passwords for any reason, and users should never reveal their passwords to (anyone claiming to be) a system administrator.
- The users of all systems must comply with a system administrator's request to change passwords. Users should choose their own passwords, and if an initial password must be assigned by a system administrator, the user should be required to change it upon first use.
- The users of all systems are responsible for understanding the system's default levels of protection applied to files and messages, and for supplementing that protection if necessary for sensitive information.
- MUSC faculty, staff, and students are accountable for the security of any computer or other device that they connect to MUSC's campus network. No device may be connected to MUSC's network unless the owner of the device first ensures that is has been configured, and will be maintained and operated, in accordance with all applicable MUSC information security policies and standards.
- Users should refrain from storing sensitive MUSC data on end-user computing, storage and communication devices, including but not limited to desktop computers, laptops, tablets, PDAs, thumb drives, memory cards, or communication devices such as cell phones or smart phones. If there is an unavoidable business need to store sensitive MUSC data on an end-user device, then the user(s) of the device must comply with all applicable MUSC data protection policies and standards, including the use of MUSC-approved encryption technologies.
- MUSC faculty, staff and students are required to report any security incident that affects any MUSC information system or any MUSC data. Any user who discovers an information security breach, or who discovers a significant vulnerability that could lead to a breach or a compromise, is required to follow the procedures defined in the Incident Response Policy.
- All facilities for incoming remote access to computer systems and communication servers which are directly or indirectly connected to the University's campus-wide data communications network must provide adequate protection of other networked systems against unauthorized access. An audit trail of all remote access activity must be maintained by any facility which provides remote access, and audit trail records must be accessible by authorized University official