Page tree

DOCUMENT INFORMATION

Document TitleSocial Engineering Security Policy
Document Type
  • Bylaws
  • Policy Document
  • Procedures
  • Guidelines
  • Form
Office/UnitInformation Technology Services
Document Owner
Contact Information
Office Name Phone Email








Approval Date

June 2, 2004

Approved byPresident's Cabinet
Effective Date

June 2, 2004

Review Date/Schedule
Revision History

DOCUMENT CONTENT

PURPOSE

The purpose of this policy is to emphasize that information security (the protection of confidentiality and the integrity of confidential student and employee information) is the responsibility of each and every SUNY employee.  “Social Engineering” is the term that describes non-technical ways by which hackers obtain information, usually by fooling people into giving up their own security.

POLICY

It is the policy of SUNY Fredonia to ensure confidential physical information is protected.  

PROCEDURE

The following guidelines should be followed:

  • Include the review of FERPA regulation and the SUNY Fredonia Information Security Program and Policies during new employee orientation, with the policies included in orientation packets.

  • Require completion of the Confidentiality Agreement Form, appendix E of the SUNY Fredonia Information Security Program.

  • During annual evaluations, supervisor and employee shall review information security confidentiality requirements and procedures.

  • The Office of Human Resources will annually remind employees of information security and FERPA regulations.

  • Eliminate use of social security number for customer identification in campus-wide office procedures.  Use the Your Connection ID when verifying customer identification.

  • Practice vigilance in how and where each employee shares information.  Hackers can overhear conversations and build up information over time that can then be used to obtain confidential information.

  • Never write passwords down, or share with anyone (even system administrators, account managers, or friends).  Most cases of unauthorized access to information is through the use of compromised passwords. Use of strong passwords following the guidelines in appendix G. is recommended.

FAQ's
Keywords

Category(s)
  • Academic Affairs
  • Advancement
  • Financial
  • Governance
  • ITS
  • Operational
  • Personnel
  • School/College
  • Student Life
Sub-Category(s)