DICKINSON COLLEGE
INSTITUTIONAL INFORMATION POLICY STATEMENT AND SECURITY PLAN
Database Management System Security
For the Colleague/Benefactor Shared Database
March 4, 1992
I. BACKGROUND
A. Purpose The implementation of a comprehensive database
management system (DBMS) raises issues of information ownership,
privacy and security, many of which are unique to the DBMS
environment. The purpose of this statement is to identify and
address those issues via formal policy statements. Campus-wide
adherence to formal information policy will greatly reduce the
risk of compromise (either accidental or deliberate) or misuse of
sensitive data. The intent of this policy is to maximize
security and privacy without obstructing the efforts of
applications users and support personnel in the performance of
their assigned duties.
B. Scope This statement directly addresses information
and activities related to the Datatel Colleague and Benefactor
Databases. Indirectly, its intent is to complement existing
college policy relating to the handling and processing of
institutional information.
C. Environment Under traditional information systems, data
structures are often defined exclusively for each office or
Workgroup within the system. This arrangement minimizes
disagreements regarding data ownership (since each user has his
own "copy" of needed data) but introduces the problems of
duplication, currency and maintainability. Updates between
functional areas are often done in a "batch" mode by technical
personnel and requests for non-standard reports (containing data
that spans several functional areas) often require custom
programming.
The DBMS environment resolves most of these problems through
common data pools and a query language that can be accessed
directly by departmental users. This increased flexibility and
accessibility is accomplished, in part, by consolidating global
information (names, addresses, etc.) into a centralized data
structure available to all users. Privacy is maintained by
splitting sensitive information into subordinate limited access
files.
II. POLICY
A. AUTHORITY This policy statement is authorized by The
President of the College. All employees and agents of the
college will become familiar with and adhere to the policy when
engaged in information based activities. Disagreements regarding
access to data or any other issues arising from ambiguous or non-
existent policy shall be forwarded to CAUG for review and
resolution. Further disagreements shall be forwarded to CAG for
final disposition.
B. OWNERSHIP The Colleague and
Benefactor Program Licenses, data, and custom applications
programs are the exclusive property of Dickinson College and
shall be used by its employees and agents only in the conduct of
official college business.
C. CUSTODY OF DATA Database information is classified and
assigned custody as follows.
1. COMMON DATA Common data are held in files that may
be accessed by users from several Workgroups. Workgroup
Administrators are co-custodians of common data. Decisions
regarding the use of common data are the responsibility of each
Workgroup Administrator, as needed in the conduct of official
college business and to the extent that the use of that data is
consistent with institutional procedures and the policy stated
herein.
2. WORKGROUP DATA Workgroup data are assigned to the
exclusive custody of the Workgroup Administrator. Each Workgroup
Administrator is responsible for assuring that Workgroup Data
under his/her custody is used in a manner consistent with the
policy stated herein.
D. COPIES OF DATA vs. OFFICIAL DATA The data that
physically reside in the Colleague and Benefactor Live Data areas
on the Sequent file system constitute the "Official" Dickinson
Database. Both Official and Unofficial Colleague and Benefactor
data are considered the exclusive property of the college and are
governed by the policies defined herein.
E. MAINTENANCE OF DATA Unless explicitly noted in this
statement and/or its appendices, maintenance of any specific
workgroup data element is confined to a single office.
Responsibility for coordinating and communicating the maintenance
of common data will be assigned by and with the concurrence of
the appropriate Workgroup Administrators (eg. address changes).
F. USE OF DATA The viewing, reporting, and discussion of sensitive
information shall be governed by formal authorization and the
"need to know". Use of sensitive information for purposes other
than those specifically required to accomplish assigned duties
does not constitute a "need to know" and is explicitly
prohibited.
G. RELEASE OF INFORMATION
No employee or agent of the college shall release any data
to any non-employee or non-agent of the college unless
specifically authorized by the appropriate Workgroup
Administrator.
1. WORKGROUP DATA Workgroup Administrators are
authorized, within their discretion and in accordance with policy
stated herein, to release Workgroup Data to other Workgroups and
non-employees or non-agents of the college.
2. RESPONSIBILITY AFTER RELEASE When information is
released by the Workgroup Administrator to another agent of the
college, responsibility for the confidentiality and proper use of
that information is shared by the receiving agent.
H. SYSTEMS ACCESS AND SECURITY Measures to control system
access and security shall be the responsibility of all system
users, administrators and support staff.
1. EXECUTIVE MANAGEMENT RESPONSIBILITIES Divisional
Executives are responsible for the assignment of
Colleague/Benefactor Workgroup Administrators (see Appendix
B-III.) as follows:
Divisional Executive                        Workgroup
Dean of Admissions                          adm
Dean of Educational Services &              sa
  Student Affairs                           fa
Dean of the College                         reg
Treasurer                                   cf
                                            per
                                            csc **
Director of Communications & Development    ben
** Responsibility for the csc Workgroup is transferred
between the Dean of the College and the Treasurer on an annual
basis.
2. WORKGROUP ADMINISTRATOR RESPONSIBILITIES Requests for
new user accounts, termination of accounts, and on-line access by
individuals outside the Workgroup will be forwarded to the
Database Administrator by the Workgroup Administrator. The
Workgroup Administrator will specify those aspects of the
database to which the users in their respective workgroups will
have access. The Workgroup Administrator is responsible for
maintaining a current list of authorized Workgroup Users in the
Test, Education and Live Systems and for apprising Computer
Services of changes and potential security breaches.
The Workgroup Administrator is responsible for
monitoring Workgroup database activities and procedures to assure
conformity with formal policy and prudent operating practice.
The Workgroup Administrator is responsible for setting
and monitoring procedures, within the workgroup, for maintenance
and disposal of copies of information generated from the system.
The Workgroup Administrator is responsible for assuring
that all Workgroup Employees read and understand this policy
statement.
3. DELEGATION While the Workgroup Administrator is
responsible for the overall adherence to institutional policy,
specific administrative tasks may, as appropriate, be delegated
to an assigned Module Administrator.
4. USER RESPONSIBILITIES Each database user is
responsible for the confidentiality of passwords and information
to which he/she has access. Users shall exercise prudence in the
maintenance and filing of passwords, print screen reports, and
Uniquery reports. Users shall ensure a secure physical
environment.
5. COMPUTER SERVICES RESPONSIBILITIES In addition to
observing the policies herein, Computer Services shall administer
the following security measures:
A regular schedule of full and periodic system backups
(including an off-site storage rotation), in accordance with the
Computer Services Procedures Manual.
A disaster recovery plan shall be enacted.
Systems activity and operational logs shall be
periodically reviewed for potential security breaches.
6. STATEMENT OF UNDERSTANDING All college employees and
agents accessing the database system shall sign a statement of
understanding of institutional policy.
I. DESTRUCTION OF CONFIDENTIAL DATA It is the responsibility
of each user to assure that confidential information is
destroyed in an appropriate manner. This may include the use of
paper shredders, diskette mutilation, check incineration, and
other means, as appropriate.
DICKINSON COLLEGE
INSTITUTIONAL POLICY STATEMENT AND SECURITY PLAN
APPENDIX A.
Definitions
For the purposes of this policy statement, the
following terms are defined:
1. Administrative Responsibilities The increased user
access gained through the database necessitates a similar
delegation of administrative responsibility. Workgroups must
play an active role in assigning and monitoring access to the
database. Appendix B details specific database workgroup
responsibilities.
2. Application Program The predefined menu selections
and programs that make up Colleague and Benefactor. User access
to the database through the application programs is limited to
(i.e. controlled by) the options presented on the menus.
3. CAG (Computer Advisory Group) The executive
committee, consisting of the Dean of the College, the Treasurer,
the Director of Computer Services, and the chairpersons of both
the Academic and Administrative users' groups, that is
responsible for general oversight, integration, campus-wide
planning, and policy formulation related to all the College's
information processing activities. The chair of this committee
is transferred between the Dean of the College and the Treasurer
on an annual basis.
4. CAUG (College Administrative User's Group) The
administrative advisory group, consisting of the heads of various
administrative offices, the Director of Computer Services, the
Coordinator of Systems Development, the Coordinator of
Administrative Computing, and other administrative staff as
needed. Members of the committee are appointed by the President.
CAUG is responsible for assisting Computer Services personnel in
identifying and addressing operational, planning, budgetary, and
policy issues related to the College's administrative information
processing activities. CAUG reports to CAG.
5. Custody of Data Each Workgroup Administrator is
assigned custodianship of specific data structures. As an
assigned custodian, each Administrator is responsible for
managing the operational maintenance, security, reporting and
release of his/her assigned Workgroup Data in accordance with the
policy stated herein.
6. Databases Three major databases are associated with
the Colleague/Benefactor System.
* EDUC Provided by Colleague to provide
representative examples of each module. EDUC is used by new
users to become familiar with the basic system features.
* TEST Database developed internally to test
Dickinson specific invocations and customizations of the package
prior to live integration.
* LIVE The official data used in the live
operations of the college.
7. Common Data to which all Workgroups have access. The
primary common files in the Colleague and Benefactor Systems are,
respectively, the "PEOPLE" File and the "PERSONS" File. Policy
regarding the common use of these files is contained herein.
8. Database Administrator Computer Services assigned
individual responsible for maintaining the physical integrity,
security and consistency of the database.
9. ENVISION Programs Programs that have been
reorganized by Datatel to incorporate new program development
techniques, screen "looks" and security features (including field
level security). Presently only some of the modules have been
rewritten using ENVISION. From a security perspective, ENVISION
programs differ from the present MSP programs in that the
availability of and access to a given ENVISION program by a
specific user can be controlled by that program's inclusion in a
Security Class to which the user belongs.
10. MSP Programs "Maintain.Set.Parameters" Programs.
Presently all of the applications programs with the exception of
"Colleague Financials" and "Benefactor" are MSP programs. These
programs are distinguished from ENVISION programs (from a
security perspective) in that access to a given MSP Program is
controlled solely by program passwords and exclusive
Vocabularies.
11. "Need to Know" The "need to know" confines system
users to accessing, changing, and generating reports on only data
that are required in the administration of their assigned duties.
12. Query Language The Database Language that enables
users to produce ad hoc reports independent of the Application
Program. User access to the database through the query language
(Uniquery) is limited by the data files and verbs contained in
the VOC file of that user's Workgroup.
13. Verb A Uniquery command that performs a specific
action on a file (eg. LIST, SORT, SELECT, GET.LIST). Workgroup
VOCs contain verbs that facilitate reporting but are restricted
from verbs that can change the database (eg. CLEAR.FILE).
14. VOC File A database vocabulary. Each Workgroup has
a unique vocabulary that contains only those filenames and verbs
to which that Workgroup has access.
15. Workgroup A group of individuals distinguished by their
use of a common set of Colleague/Benefactor Files. The
organization of Workgroups is based on Dickinson's organizational
structure as it interacts with the logical structure of the
Colleague and Benefactor databases (see Appendix B for detailed
definition of specific Workgroups).
16. Workgroup Administrator The individual appointed
administrative custody for a particular Workgroup.
17. Workgroup Data Files containing data specific to a
given Workgroup. Access to information contained in workgroup
data is authorized by the Workgroup Administrator.
DICKINSON COLLEGE
INSTITUTIONAL POLICY STATEMENT AND SECURITY PLAN
APPENDIX B.
Database Management System Security
For the Colleague/Benefactor Shared Database
March 4, 1992
ADMINISTRATIVE ASSIGNMENT AND SECURITY
I. ADMINISTRATIVE RESPONSIBILITIES This section identifies
operational and support activities associated with the
Colleague/Benefactor System. Each position is described and its
associated access rights defined.
"Systems Access" defines a user's access at the Dynix
Operating Systems level. Access at this level is necessary only
for systems development and maintenance and is, therefore,
restricted to Computer Services personnel. All other users will
be automatically insulated from the operating system by a menu
system.
"Database Access" defines a user's access to the Unidata
Database (or "colon prompt"). Access is defined for each of the
three accounts. All users have access to the entire sample
database provided by Datatel ("educ"). All users have full
access to their designated test accounts ("test"). Live account
access varies for each user within a workgroup, as authorized by
the Workgroup Administrator. Variations include access limited
to specific programs, view only rights, and restriction from the
query language.
II. Workgroup Personnel
position: Workgroup Administrator
duties: * Authorize system access within workgroup.
* Authorize file/information access to
individuals outside the workgroup (including
the creation of electronic cross-file views).
* Monitor and coordinate efforts of Module
Administrator.
* Monitor workgroup activity.
* Maintain log of current workgroup users and
access rights.
access: * Workgroup Administrator has access to all
screens, tables, and records available to the
Workgroup. Workgroup Administrator also has
Uniquery Access.
position: Module Administrator
duties: * Assure adherence to institutional procedures
by all applications users with access to the
module.
* Assure that applications users have received
proper procedural and applications briefings
and training.
* Notify Workgroup Administrator of any required
changes to systems access within the module.
* Coordinate with Computer Services in
maintaining Colleague Tables.
* Maintain a data processing Calendar noting key
processing dates.
* Coordinate with Computer Services in
maintaining/planning Uniquery paragraphs and
program change requests.
access: * Module Administrator has access to all
screens, tables and records available to the
designated module. The Module Administrator
also has Uniquery Access.
position: Applications User (Uniquery Access)
duties: * Perform Colleague/Benefactor planning and
data entry, maintenance and reporting as authorized by
Workgroup Administrators.
* Perform Uniquery data
retrieval activities on workgroup files as
requested by Module Administrator.
access: Access restricted to those programs designated
by the Workgroup Administrator. User also has access to the
Workgroup Vocabulary (VOC) via the colon prompt.
position: Applications User (Menu Access Only)
duties: * Perform Colleague/Benefactor data entry,
maintenance and reporting as authorized by
Module Administrator.
access: User has access to those programs authorized
by the Workgroup Administrator. User is restricted
from Uniquery Access of the database.
position: Computer Services Support Personnel
duties: * Provide operational support for
administrative applications, assist users in the
development of new applications, and identify and
resolve problems related to the utilization of Colleague and
Benefactor.
access: Support personnel have access to modules
within Colleague/Benefactor only as needed in
the performance of their assigned duties.
III. WORKGROUP ASSIGNMENTS The following details workgroup
assignments by Workgroup and Module Administrator. The list is
organized by Workgroup and includes each user's name and present
operational access (see II. for complete description of duties
and user work spaces).
                                  WORKGROUP          MODULE
WORKGROUP  MODULES                ADMINISTRATOR      ADMINISTRATOR
adm        Admissions             L. Mench           J. Brehm
                                                     R. Shunk
ben        Benefactor             tbd                tbd
cf         Accts Rcvbl.           M. Britton         C. Chronister
           Accts Payable                             A. Parker
                                                     T. Meyer
           Budget Mgr.                               A. Parker
           Cash Rcpts.                               C. Chronister
           Fixed Assets                              A. Parker
           FRM Distrib.                              A. Parker
           General Ledger                            A. Parker
                                                     T. Meyer
           Inventory                                 A. Parker
           Payroll                                   T. Meyer
           Purchasing                                M. Helm
csc        All Colleague and      J. Balling         J. Balling
           Benefactor Modules
fa         Financial Aid          Don Raley          Rick Heckman
                                                     Madelyn Campbell
per        Personnel              R. Rasch           K. Heberlig
reg        Registrar              R. Doernbach       L. Kessler
                                                     B. Bretz
sa         Student Affairs        M. Frances Carson  M. Redman
DICKINSON COLLEGE
INFORMATION PROCESSING
STATEMENT OF UNDERSTANDING
Recognizing the need to maintain individual and institutional
rights to privacy and confidentiality AND realizing that, as an
agent of the College, my assigned responsibilities necessitate
the handling of sensitive information (both individual and
institutional), I affirm my intention to preserve the strictest
standards of confidentiality in the use of this information and
agree to be legally bound by the same regulations affecting all
College officials concerning the dissemination and disclosure of
sensitive information.
Specifically, I affirm:
1. That I understand the need to exercise confidentiality
in the handling of institutional information.
2. That I understand the importance of exercising care in
assuring the secrecy of my computer system passwords, the
physical security of my work area, and the proper storage,
transmittal, and disposal of College based information stored on
any media.
3. That I am ethically obliged to report any attempted or
successful violation of institutional or personal security or
privacy.
4. That I have become familiar with specific information
handling procedures established within my workgroup.
5. That I have read and understand the College's
Information Policy Statement.
I understand the intent of this statement and will exercise
diligence in performing my duties in accordance with
institutional policy. Furthermore, I understand that violation of
College policy may result in disciplinary action.
__________________________ _____________
Signature Date
__________________________
Printed or Typed Name.