Rutgers - The State University of New JerseyRutgers - The State University of New Jersey
MSSG | UCS Toolkit | #

Information Protection and Security

Information Protection and Security (IP&S) is the university business unit responsible for managing the information assurance program in an academic environment, developing policies, and establishing goals and objectives to maintain a secure information environment. Critical areas include security awareness, computing incident response, regulatory compliance, authentication and overall best practices for secure computing.

IP&S Objectives
Best Security Practices
Compliance Programs (GLBA, SEVIS, HIPAA)
Abuse Complaints Against Rutgers Computers
Security Awareness Training and Materials
Vulnerability Scanning
"Safeword" and "SecureID" Authentication



Best Security Practices
Best practices for secure computing can be found on the RU Secure and Net Security web pages. Departments requiring strong security measures due to critical and/or confidential data should complete a full Security Evaluation and Plan.

Compliance Programs (GLBA, SEVIS, HIPAA)
University departments are responsible for the security, confidentiality, and integrity of data covered by federal and state legislation. Failing to follow best practices in system administration and information assurace could result in unauthorized disclosure, misuse, alteration, destruction, or other compromise of critical information. IP&S programs provide guidance for compliance with federal and state legislation. See the RU Secure web page for more information.

Abuse Complaints Against Rutgers Computers
The IP&S Computer Incident Response Team (CIRT) is responsible for abuse and incident handling. Reports about problems with Rutgers hosts are submitted via email to abuse@rutgers.edu. These reports can reflect activities by users in violation of the University's Acceptable Use Policy, computing policies, and the University Code of Student Conduct. Often, these reports might also indicate that a system has been compromised by a hacker and is being used to attack other systems. IP&S distributes reports to the appropriate system administrators, owners, and OIT Campus division. They also collect logs from firewalls and intrusion detection systems around the University for additional reporting. IP&S actively seeks additional sources of log data.

Security Awareness Training and Materials
IP&S provides OIT Campus divisions with security awareness training. This includes both introductory and intermediate level security presentations for entire departments and more advanced training for technical staff. IPS also provides printed and other media security awareness material as reminders to users. Subject matter includes identity theft, peer-to-peer software, phishing, and best pratices. Please visit RU Secure for more information.

Vulnerability Scanning
IP&S provides access to a central vulnerability scanner that allows IT personnel to run vulnerability scans on their own networks whenever desired. Access to the Tenable Network Security system requires an account. Email rusecure@rutgers.edu for more information.

"Safeword" and "SecureID" Authentication
IP&S manages the Safeword and SecureID authentication services. These single-use, token based authentication mechanisms provide the strongest security of any mechanism at the University. This technology is currently used to control access to various central services and systems, but may also be utilized by other groups if desired. Please email safeword_support@email.rutgers.edu for more information.


BACK TO TOP

Return to RU Main Site

For questions or comments about this site, contact ucs_toolkit@email.rutgers.edu
Last updated: 03/14/2005

© 2005 Rutgers, The State University of New Jersey. All rights reserved.

 

Search Rutgers