Skip to Content - Skip to Navigation

General Information

Information resources are vital assets that require protection. This policy is intended to protect and defend the integrity of Indiana University of Pennsylvania’s information and information systems. This document defines the security and data ownership responsibilities, along with relevant and necessary authorities to undertake these assigned responsibilities, of the information system resources that are maintained and operated by IUP Technology Services Center and academic computing.

The university has a legal responsibility to secure its computers and networks from misuse. While the value of equipment such as computer hardware is easily appreciated, we must not overlook the larger investment in less tangible information assets - such as data, software, and automated processes. Computers and network resources can provide access to these less tangible resources both on and off campus.

Failure to exercise due diligence may lead to financial liability for damage done by persons accessing the network from or through Indiana University of Pennsylvania. At the extreme, an unprotected IUP network open to abuse might be denied access to parts of the larger network community.

Objectives

The university reserves the right to limit, restrict, or extend computing privileges and access to its resources. Access to the university's information system facilities and resources is granted solely to Indiana University of Pennsylvania faculty, staff, registered students, and authorized individuals outside the university. This user community is expected to cooperate with the Technology Services Center and academic computing in its operation of the information systems and networks as well as in the investigation of misuse or abuse of those assets.

Open access to IT-provided resources is a privilege implicit in IUP’s grant of access to users. Such open access requires that individual users act in a responsible and acceptable manner. Acceptable use always is ethical, reflects academic honesty, and shows restraint in the consumption of shared resources. Acceptable use demonstrates respect for intellectual property, truth in communication, ownership of data, system security mechanisms, and individuals' right to privacy and freedom from intimidation, harassment, and unwarranted annoyance. The university considers any violation of acceptable use principles or guidelines to be a serious offense and reserves the right to test and monitor security, and copy and examine any files or information resident on university systems.

Data, whether stored in central computers accessible through remote terminals, processed locally on microcomputers, delivered via email, or generated by word processing systems, are vulnerable to a variety of threats and must be afforded adequate safeguards.

A combination of protection, detection, and reaction capabilities will be employed to protect the information system and data. Maximization of the five information assurance security objectives of:

  1. Availability
  2. Integrity
  3. Authentication
  4. Confidentiality
  5. Nonrepudiation

will serve as the goal for information systems security for the university.

IUP faculty, staff, and students need to be aware of the value of these resources and the means of protecting them. User awareness through education is the first line of defense in maintaining confidentiality, reliability, availability, and integrity of IUP information resources. The Indiana University of Pennsylvania’s Information Assurance Policy’s success is dependent on education of faculty, staff, and students in the need for and means of protecting IUP information resources. This education will include exposure to our authentication and password policies, and other physical loss prevention policies, the distribution and regular updating of virus protection software to all users, the use of encryption tools for critical data, and, if necessary, the implementation of back up and recovery procedures for all systems and other policies and procedures deemed necessary.

Sanctions

Those IUP authorized users who do not abide by the policies and guidelines outlined in this policy should expect disciplinary action in accordance with university rules for misconduct and existing judicial, disciplinary, or personnel processes. Offenders will also be subject to criminal prosecution under federal or state laws, and should expect the university to pursue such action. The Technology Services Center or academic computing should be notified about violations of computer laws and policies, as well as about potential loopholes in the security of its information systems and network.

  • Institute for Information Assurance
  • Stright Hall, Room 319
    210 South Tenth Street
    Indiana, PA 15705
  • Phone: 724-357-2524
  • Fax: 724-357-2724
  • Office Hours
  • Monday through Friday
  • 8:00 a.m. – 12:00 p.m.
  • 1:00 p.m. – 4:30 p.m.