Compliance with security procedures is required to ensure access to data is adequately safeguarded..
This policy explains the authentication/authorization of identified critical systems.
Key security is maintained for all areas affected. Key requests are to be supplied to Facilities by the immediate supervisor and must include a signature from the Chief Information Officer. Keys for areas other than Maxwell are maintained in a lock box in Maxwell 148.
Authentication/Authorization of Identified Critical Systems
Role Based Access Control is used. Member logins and degree of access are created at the request of specified representatives from the following areas: HR, Records, Admissions, and CAPS Student Services. Identified supervisors from CAPS are allowed to create specific limited profiles for AGS Faculty. Any additional permissions requests are to be supplied by the user's immediate supervisor using a form supplied by HR.
Individual requests from ITS Help Desk for entry in Active Directory must be verified by a complete DRUS record in Datatel created by Student Services, Registrar 's office or Human Resources before creation of entry can be completed by a member of the Systems Administration team.
Requests for Colleague access are included in the login request for new employees firstname.lastname@example.org, usually in the name of someone whose security can be cloned. The list of security classes is evaluated and presented to the security officers of the areas represented. For example, if the request states that the employee needs to see Financial Aid information, the security officer from Financial Aid is consulted. Security officers have the right to approve or deny access to their information. Once approvals are given, the final recommendation is sent to the person who assigns security.
Requests for employees who are transferring to new positions usually come to IT through email. The same process is followed: evaluate the request; consult with security officers; make a final decision; assign security.
The person making the initial request is notified when the process is complete. All efforts are made to have the login and security in place before the employee’s start date.
Users are initially added to ImageNow when a department goes ‘live’. This list is provided during the planning phase as a part of the details spreadsheet. Once a department has completed their implementation, a Power User (member of the planning team) uses the Login Request form to indicate if a new user should be added, if an existing user’s permissions should be modified, or to remove a user altogether. The form is available through the IT Portal Site. A details spreadsheet is kept current for each department that utilizes ImageNow/WebNow with an updated copy posted to the department’s share folder. – (source A. Hufford)
Source 4 changes can only be made on one desktop unit in the IS department. Access to this PC is covered by password. Once compiled the file is placed on a folder using the c$ of a specific server. This server has restricted access to this folder.
SQL Server Farms:
SQL Server Management access is given by the Database team only. Permissions are granted by Jack Alexander (Systems Administration team) at the request of the DBA administrator. There are only three active users at the current time. Explicit permissions will be applied to any new user. Various ports have been opened on individual servers to allow SQL Server Management access which is controlled by the Database team.
Access to individual voicemail recording is controlled by password created by users.
Portal page (Employee Intranet):
The login page is publicly accessible. All other Web “pages” require authentication. Users authorized to login include IWU Faculty and Staff with permission in Active Directory and individual authorized directly by their respective VP.
This policy will affect the Marion Campus.
16-Oct-2017 - Updated - ISO
06-May-2014 - Updated
04-Nov-2013 - Updated
09-Mar-2012 - Information entered into Mind Touch
13-Mar-2009 - Policy created
General Policy 400.01.01
University Information Technology
Chief Information Officer
Chief Financial Officer
There are no known exceptions to this policy at this time.
Note: This policy created by suggestions listed in NIST SP 800-122 (ES3 Using Access Enforcement)
Callstack: at (Forms_and_Procedures/Policies/General_Policies/Access_Control_Permissions), /content/body/div/div/div/div/pre, line 2, column 1