A&S Information Technology Security Policy

The Arts & Sciences Information Technology Security Policy is couched within the framework of Duke University's OIT Security Policy Statements, and establishes a minimum level of security practice for all computer systems connecting to the Arts & Sciences network.

Why do we need a policy?

An information security policy is a kind of social contract, needed to protect the community from unintended results stemming from individual behavior - as well as to protect and preserve the privacy of each individual.

That is, the purpose of this policy is threefold:

1. to protect corporate and individual privacy;
2. to secure the network for the educational, research and administrative purposes intended;
3. to support the effective use of faculty, staff and student time by minimizing the time spent on recovery of lost data, virus disinfection, and computer and network down time.

This policy would not be necessary were there not an increasing number of daily unauthorized intrusion and disruption attempts on our computing and network systems. Neither would this policy be necessary if the damage done by successful attempts were limited to individuals who may not be concerned by privacy, network connectivity or data loss issues. Provided below are links to other universities' security policies, as well as some descriptive anecdotes on security challenges.

• Anecdoctal examples of security breeches
• Links to other university security policies.

An information technology security policy is just one part of a larger "computer system user policy". In Arts & Sciences, we are governed by Duke University's comprehensive OIT Security Policy Statements, as well as by computer system user policies established at the departmental level. The A&S Information Technology Security Policy's objective is to provide a minimum, common level of security for computer systems and users on the A&S network.