内布拉斯加大学科尔尼分校 is the custodian of confidential data for students and 员工 and we acknowledge our responsibility to secure confidential data for the protection of our constituents. 我们给学生和员工分配NU-ID, a number designed to replace the Social Security Number as a unique identifier.
内布拉斯加大学科尔尼分校 will not use Social Security Numbers to identify students, 员工, 或其他与体育菠菜大平台有关系的人, 法律规定的用途除外, 比如工资, 好处, 财政援助. Social Security Numbers can be used to obtain non-public information, 比如就业, 信贷, 金融, 健康, 机动车, and educational information that would be harmful or an invasion of privacy if disclosed. Our goal is to prevent unauthorized use of or access to confidential data and Social Security Numbers.
Neither the Social Security Number nor any portion of the Social Security Number will be collected, 存储, or transmitted by university 服务 or using university-owned equipment unless its use is authorized in writing by officials designated by the Chancellor. 被授权收集的部门或个人, 商店, or transmit Social Security Numbers will follow guidelines to secure such data as established by the Assistant Vice Chancellor for Information 技术.
1月1日后未能遵守此政策, 2008, 会招致校方的纪律处分.
非常感谢您的合作. 谢谢你!.
道格拉斯一. Kristensen,总理
Chancellor Kristensen instructed all departments to be in compliance with the 体育菠菜大平台 Social Security Number Policy as of January 1, 2008.
Paper documents 有社会安全号码 should be 存储 in locked cabinets in a locked room.
Paper documents that have been retained beyond the date specified in the NU records retention schedule should be destroyed by cross-cut shredding. 如果要销毁的文件数量很大, the department should develop a plan and timeline for destruction of the documents. There are vendors that provide document destruction/disposal service for a fee. Contact the Vice Chancellor for 业务 and Finance for additional information. Until the documents are destroyed, they should be protected as described above.
Identify removable media, such as flash or jump drives, floppy disks, CDs, zip disks, etc. 存储社会安全号码. Keep such media in a locked cabinet in a locked room, similar to paper documents. If the removable media is no longer needed, physically shred or destroy the media to dispose of it.
申请豁免 from the Social Security Number Policy if you must retain documents, 纸质或电子, 有社会安全号码.
An exemption request is NOT required for direct access to SAP/HR and SIS application data. 然而, if you have social security 数字 from these systems 存储 on your workstation or removable media, 必须申请豁免.
授予的豁免将每年进行审查.
SSNs and other personal identity information are confidential data and the theft and/or unintentional compromise of such data has become a major issue in higher education. The Chancellor has charged 体育菠菜大平台 to eliminate all non-essential use of SSN by January 1, 2008. 例外情况必须得到财政大臣的批准.
产品说明:
Complete the form online with the exception of the Department Head signature box.
列印填妥的表格.
部门主管签署表格并送交:
Deb施罗德
助理副校长(资讯科技署
114奥托·奥尔森
内布拉斯加大学科尔尼分校
卡尼,ne68849
资讯科技服务 will review the form and forward it to the Chancellor for approval.
目的与受众:
The 内布拉斯加大学科尔尼分校 recognizes the increased concern about individual privacy and the risk of identity theft. 社会安全号码(SSN)被归类为私有数据. The protection and confidentiality of the SSN is covered under Regents policy, 联邦法律, 还有州法律. Historically, the SSN has been employed to help identify and match records. 然而, current directives discourage this practice and make use of the SSN subject to approval. This procedure is intended to specifically address issues related to the use of the SSN in university systems, including self-service applications and departmentally administered systems. 我们的目标是:
Eliminate the collection of the SSN except where required by law.
Eliminate the use of SSN in data systems, including display pages and reports.
Require the use of an exemption request when using or storing the SSN.
Increase awareness about the concern for privacy and the risk of identity theft related to the disclosure of the SSN.
The University is required to collect the SSN for a variety of legally mandated activities (e.g.所得税申报,联邦政府支持的财政援助). 所有这些情况, 包括现有系统, 必须记录在案, 综述了, and approved by the Assistant Vice Chancellor of Information 技术 or designee.
每个申请一个请求
An exemption request must be made for each application that you own, 运行, 和/或利用,如果该应用程序使用ssn. 该应用程序可能针对您办公室的功能而特定. It may be a "shadow system" with an associated data base and/or data files. 它可能是应用程序的测试版本. 也可能是Word文档或Excel电子表格. (State law prohibits the use of employee SSNs to identify 员工 except for those uses required for tax and benefit purposes.)
新的应用程序需要新的请求
An exemption request must be made for any new application that will utilize SSN. The exemption request should be submitted before the purchase of the application. At test version of an application will require its own exemption request.
自动豁免
Employees with accounts for accessing SAP/HR and SIS do no need to request exemptions for SAP/HR or SIS access. If you extract SSNs from SAP/HR and/or SIS and 商店 those SSNs on electronic devices, 比如你的桌面, 网络存储, 闪存驱动器, 或其他移动设备, 你必须提交一份豁免申请.
年度更新
Exemptions are granted for one year and will be 综述了 annually. 豁免必须每年提交一次.
Protecting the nonpublic personal information of our 员工 and students is an important responsibility. The practices listed below can help us ensure that information stays protected.
电子邮件是攻击你电脑的主要手段. It is easy for an attacker to send a message that will infect your computer, 即使你没有阅读或预览它. 这就是杀毒软件必不可少的原因.
使用加密邮件或不要发送机密信息.
不要打开你不期望的附件.
不要点击通过电子邮件到达的网页链接.
Report any suspicious email messages you receive to the ITS Helpdesk.
永远不要回复垃圾邮件——即使是“退订”.”
通过电子邮件进行敏感的沟通会带来真正的风险. The most common disclosures result from email accidentally sent to the wrong person. Therefore, use special care when addressing email with sensitive information. 对于高度敏感的数据,请选择邮件以外的其他方式.
传真敏感信息时要特别小心. Be sure that the fax number is correct and that someone on the other end will promptly retrieve the faxed document.
处理纸质文件时要特别小心. Do not leave documents 有社会安全号码 on your desk when you leave. Do not share social security 数字 over the telephone when your conversation can be overheard by others.
选择一个强密码——一个难以猜到的密码. If you think your password has been compromised or shared, change it immediately.
Do not share passwords and do not allow anyone to work on a computer that you have logged into.
识别您的计算机何时可能受到威胁. It is often difficult to recognize when your computer system has suffered a security compromise. 如果你发现你的电脑运行缓慢, 自动重启, 或表现出任何异常行为, 通知IT支持人员.
避免危险的网络和电子邮件活动:
Be skeptical of email and web sites that ask you to provide personal information, 比如社会保险号, 下载软件或文件.
Confirm that an embedded web link in the body of an email goes where it is expected to go before you click on it.
“互联网上的免费东西就像陌生人给的糖果.“要注意那些看似无害的游戏, 公用事业公司, and other “fun stuff” can work behind the scenes and install spyware or other malicious software (malware) on your computer. They can harbor viruses and even open a “back door” giving access to your computer.
Identity theft is the intentional use or theft of a person’s private information to obtain goods or 服务. 在网站上的任何购买或任何在线交易, 比如网上银行, 增加身份被盗的风险. Take precautions to ensure the confidentiality of your private information.
只能从知名软件供应商下载.
Any security incidents involving systems that 商店 and/or have access to social security number must be reported promptly to the 资讯科技服务 Helpdesk. 安全事故包括, 但不限于, 病毒感染, 间谍软件感染, rootkit, 比如黑客攻击和不当使用, 以及丢失的媒体或计算机设备.
This checklist is provided as a tool to help you in making sure your department is complying with the University's Social Security Number Usage Policy.
每年检讨你的保安程序和程序.
应用程序, 服务, 或者是收集, 商店, or transmit social security 数字 can not be commissioned without written approval from the Assistant Vice Chancellor for Information 技术.
每年更新部门文件目录, 纸张和电子, 包含社会安全号码.
Maintain an access control list to identify each person with authorized access to social security 数字.
Require new 员工 to read university and departmental security policies.
Instruct all 员工 on basic workstation security and document storage policy.
建议使用强密码. They are difficult for a human or a computer program to guess and have letters in both upper and lower case, 数字, 和特殊字符, and do not consist of words found in a dictionary or that are part of the user’s own name.
用户之间不应共享帐户.
不应使用通用帐户.
A timed lockout mechanism such as a screensaver that requires re-authentication should be used.
一旦系统遭到破坏,密码就必须修改.
Servers storing social security 数字 must be appropriately secured and managed.
Servers storing social security 数字 must be located in the ITS server room. Exceptions may be granted by the Assistant Vice Chancellor for Information 技术.
Servers may be periodically scanned to verify that social security 数字 are not being 存储 in an unsecured manner.
Servers storing social security 数字 are subject to periodic vulnerability scans.
服务器应该支持单个应用程序.
Use of servers for tasks other than their intended use is prohibited.
All servers 存储社会安全号码 must have antivirus software enabled and updated.
Workstations storing social security number must be appropriately secured and managed.
Workstations and portable devices storing social security 数字 must use full disk encryption. This applies to all devices whether they are owned by 体育菠菜大平台 or by the user. The data encryption standard will be specified by 资讯科技服务.
Workstations may be periodically scanned to verify that social security 数字 are not being 存储 in an unsecured manner.
Devices storing social security 数字 are subject to periodic vulnerability scans.
All workstations 存储社会安全号码 must have antivirus software enabled and updated.
