Topics Map > Services > Security > Data and Document Standards

Data and Document Standards - Shared Responsibility

Protecting and Securing Data at NDSU is a Shared Responsibility.

The data and IT resources at NDSU are protected by a shared responsibility model. This model defines the responsibilities of:

The NDSU IT Division
Distributed IT if applicable
Third Party Providers if applicable
The NDSU Staff, Faculty, and Students

Access

Data and services at NDSU are on a "Need To Know" basis, meaning that an individual should only have access to the data and services that are necessary to complete their work or the task at hand.

Access should only be granted to individuals that need the access
Access should be removed as soon as possible, once that access is no longer required
Reviews of access to data or services should be done annually

Please see Identity and Access Management - Get Started to find directions on how to grant, remove, and review access to storage, services, and websites that you may be the owner of.

Usage

Services and Data are to be used securely and properly.

Comply with Federal, State, and local laws, regulations and policies

Acceptable Use and Policies

Follow guidelines by IT Security

Travel securely

Traveling Abroad with Electronic Devices

Work securely away from your desk

Use of personal devices

Personal devices that are used to access or store sensitive data must be secured and it is on the owner of that device to secure that computer.
Protect Yourself and Others - Lock Your Computer

Use of personal accounts

The use of Personal Accounts to access services or data at NDSU is not permitted. Using a non-vetted account for NDSU related business could potentially open that account to North Dakota Open Records laws, as well as put the data generated or stored on that account in danger of being compromised.

Network Protections:

IT Security scans the network looking for servers and vulnerable systems in order to prevent those systems from becoming compromised

Critical Vulnerabilities or Computers that can be compromised easily and have a critical rating will be blocked immediately

IT Security will attempt to notify individuals those individuals that use the devices before blocking

High Vulnerabilities or Computers that have a high rating will have a notification sent to owners

The computers will be flagged and in two weeks the computer will be blocked

Storage

Data typically has to be stored in order to be viewed, manipulated, and used for its intended purpose. Storage should be secure and access to data should be authenticated and authorized, to maintain integrity, authenticity, and accuracy.

File Storage and Sharing

Reporting a Breach or Compromise

Breaches occur, they can be due to a misconfiguration, an undisclosed vulnerability of software, a click on a link in an email, or someone entering credentials into a page that looks like a proper login page. When these breaches are discovered it should not be a source of embarrassment or shame, instead it should be reported as soon as possible to make sure that mitigation occurs as soon as possible.

When a breach is discovered please report it to ndsu.itso@ndsu.edu

Please include:

A description of what data was possibly breached
When it was noticed or reported
If it was reported, please give the original documentation of the report
Who is responsible for the data or service
What kind of monetary or reputational damage this breach could incur
Please provide an indication of how the breach could have occurred
If there is any log data, please include that data

Keywords:	security, data and document standards, shared responsibility Suggest keywords	Doc ID:	103813
Owner:	Jeff G.	Group:	IT Knowledge Base
Created:	2020-07-09 09:36 CDT	Updated:	2022-05-17 11:56 CDT
Sites:	IT Knowledge Base
Feedback:	0 0 Comment Suggest a new document