Information Security
Page tree
ITS InfoSec Homepage

This section is intended to present basic security concepts and best practices that form the foundation for all security-related activities.  It is intended for all members of the University community, both technical and non-technical.  We explore common threats to our information, and what each user can do to better protect the information against unauthorized exposure.

Basic Security Principles 

1. All faculty, staff, and students are responsible for protecting the data they work with per the University's Data Classification Standards.

2. Never share your password.

3. Do not click on links you receive in emails, unless you are sure the link is safe.  Hover your mouse over the link to confirm the web address the link is taking you to.

4. Create a unique password that is not similar to previous passwords.

5. Do not use the same password for multiple accounts.  If the password is compromised, attackers will have access to all accounts associated with that password.

6. Follow the University's Data Classification Policy.

In addition to the security principles listed above, all employees are required to complete an annual Information Security Awareness Training.

Data Classification

Data at the University is divided into three categories: Public, Enterprise, and Confidential.

Public - Least ProtectionEnterprise - "Standard" Protection

Confidential - Strictest Protection

Includes information available to the public on:


Includes administrative data used for day-to-day operations, such as:

  • Financials - Budgets
  • SUID number
  • Internal communications
  • Contracts
  • Recruitment data

Includes data protected by laws, agreements, and/or regulations, including:

  • SSN
  • Account Numbers (Bank/Payment)
  • Driver's license/State ID numbers
  • Education records
  • Health information
  • Biometric information
  • Passwords
  • Some research data

Also See:

  • No labels