The purpose of this protocol is to provide awareness and guidance for all staff and students to effectively manage risk for the university’s information technology (IT) resources.

Scope

This is an administrative protocol, affecting all academic staff, administrative staff, and students.

Referenced Laws, Regulations, and/or Policies 

This is the University protocol.

Protocol

Plans/Preparedness

The University has developed a self-paced digital literacy training course, in which the students learn how to stay digitally safe by introducing them to digital learning and specific functional skills required to use Parami IT resources. The University also prepares specific Tech Support on-boarding meetings where all new academic and administrative staff gain hands-on experience on safe and effective use of the University’s IT resources. All users of Parami IT resources are highly recommended to follow the following practices:

●   All Parami University students are expected to complete the digital literacy training course.

●   All new academic and administrative staff are expected to meet with Tech Support Team for Onboarding

●   All users are recommended to install and use firewall and antivirus softwares for extra layers of protection

●   All users must adopt “check before you click” practices:

○   Is the email genuine, such as source address, spelling and context?

○ Is this file(s) from a trustworthy source?

○ Is the link legitimate, such as the destination of the URL?

●   All users should follow the following password guidelines:

○   At least 8 characters—the more characters, the better

○ A mixture of both uppercase and lowercase letters

○ A mixture of letters and numbers

○ Inclusion of at least one special character, e.g., ! @ # ? ]

●   All users are required to immediately consult with the Tech Support Team whenever they feel suspicious of any types of potential threats

Actions

●   Tech Support team is responsible to formally/informally educate the users in bi-weekly faculty meetings and weekly students meetings.

●   Tech Support team is responsible to respond quickly to any security incident.

●   Tech Support team must constantly monitor the login audits for all Software as Service (SaaS) procured by the University and report unusual activities.

●   Tech Support team must constantly observe the security update and configure the system accordingly.

●   Tech Support team must have a data backup plan out of the organizational domain.

Emergency Incident Response

Security Incidents can happen at any level and at any software within the University and when a security incident occurs,

●   The Tech Support team must quickly assess the status of the incident to determine whether the incident is ongoing.

●   The Tech Support team must identify affected individuals and determine the extent of incident impact.

●   If the incident is ongoing, the security staff must take action to terminate the access of the unauthorized activity to prevent further losses.

●   The Tech Support team must notify the SaaS providers and work together with responsible security professionals.

Continuous Plan Evaluation

With ever changing threats to cyber security and implementation of new technologies for effective operation and quality assurance of the University, this protocol is not set in stone. The Tech Support team constantly revises the protocol and keeps it updated.

Review

The Office of Information and Technology is responsible for ensuring compliance with this protocol in various offices of the University.

Date