Who Should Know What?
The university recognizes the different roles and responsibilities people have in their jobs. Therefore, everyone is not expected to know all of the policies and standards at a detail level. The chart below gives basic guidelines on the expected familiarity for the policies and standards based on role within the university:
Key to abbreviations used in table:
A - Awareness that policy exists; know where to go to reference it if necessary.
G - General knowledge of contents and expectations
D - Detailed knowledge of contents and expectations, either due to particular use of technology or information by user or expectation to assist users in understanding and living by the policy or deploying technology in compliance with the policy.
n/a - Not Applicable
| Policy and Standards | Dean/Admin. |
Tech/Tier Support |
All Other Users |
|---|---|---|---|
| Information Security Responsibility IS PS001 |
D |
D |
D |
| Business Continuity Planning and Disaster Recovery IS PS002 |
G |
D |
A |
| Intellectual Property (IP) IS PS003 |
G |
D |
G |
| Policy Exceptions IS PS004 |
G |
D |
A |
| Sanction Policy IS PS005 |
G |
D |
G |
| Security Incident Policy IS PS006 |
G |
D |
A |
| User Accounts and Acceptable Use IS PS007 |
D |
D |
D |
| Passwords IS PS008 |
D |
D |
D |
| Data Facility Security IS PS009 |
A |
D |
A |
| Network Service IS PS010 |
G |
D |
G |
|
Web Sites IS PS011 |
A |
D |
A |
| Workstation and Computing Devices IS PS012 |
G |
D |
G |
| Server Computing Devices IS PS013 |
A |
D |
A |
| Protection from Malicious Software IS PS014 |
A |
D |
G |
| Backup and Retention of Data IS PS015 |
G |
D |
G |
| Inventory, Tracking, Discarding or Redeploying Computing Devices or Media IS PS016 |
G |
D |
G |
| Enterprise Firewalls IS PS017 |
A |
G |
A |
| Encryption of Data IS PS018 |
G |
D |
G |
Note: Circumstances may require more detailed knowledge than would otherwise be expected.
Examples:
- A researcher who maintains all research data locally (on their workstation/laptop) would be expected to have detailed knowledge of Workstation and Computing Devices, Protection from Malicious Software and Backup and Retention of Data polices and standards.
- A faculty member who runs his/her own server would be expected to have detailed knowledge of Policy Exceptions and Server Computing Devices and possibly Data Facility Security policies.