WVNET Security Policy & Procedure
3.0 Principles
3.1
Security is a global concern. It affects not only those assigned to administer and audit security, but also end users at every level. In order to ensure that WVNET security policies and procedures remain sound, it is important that all information users realize that security is a team effort and that each individual plays an important role.
3.2
It is WVNET' s philosophy that the security of systems and data should be as complete, reliable and automatic as possible, and that the policies, procedures and technology used should be as responsive as possible to the end-user's needs.
3.3
WVNET computers and communications devices, and the information stored or processed on them, represent a major expenditure in resources paid for by the citizens of West Virginia. The loss of access to computer systems or data can result in anything from the loss of an hour's work done by a technician, to the loss of years of work by a student, faculty member, or administrator. At one extreme we have a "minor" waste of employee time paid by state taxpayers, to the loss of irreplaceable knowledge, or the disclosure of confidential information.
3.4
Responsibility for controlling access and the development and implementation of appropriate security standards, guidelines, practices, and educational programs rests with the information owners or their designees who are responsible for collecting and maintaining information as well as those charged with operating WVNET's servers and communications equipment. WVNET is committed to the principle of appropriate access. For all information, owners and custodians should make informed decisions regarding the appropriate access that will be provided. Stewardship of the information may depend on its nature and be governed by federal laws, state laws, requirements of external regulatory organizations, and/or WVNET policy.
3.5
The potential threats to WVNET resources and users come from both inside and outside of the organization. Some of the known threats include pranks, malicious or curious hackers, programming flaws in purchased software, and honest mistakes or deliberate sabotage by state employees or students at schools.
To Section 2: Policy