Security and Integrity

Introduction

The security and integrity of Harding University's Information Systems and Technology (IS&T) resources is vital. There are a number of ways IS&T can be compromised and all who use the resources have a part to play in guarding the IS&T resources at Harding.

Attacks that are aimed to compromise the security and integrity of IS&T resources can be focused on standalone computers. However those attacks are able to quickly infect other IS&T resources on the networks to which they are connected.  

As a consequence, it is imperative that protections be implemented and are adhered to rigorously. This will reduce the likelihood of security and integrity outbreaks and minimize the risks associated with any outbreak. Harding University has a responsibility to protect its resources. Accordingly, all possible points of entry (internet, email, removal media, personal computers, gateways, servers, employee computers) need to be protected and appropriate actions must be implemented to counter the risks. The success of this program depends on the products available and the regular use of these products by students and employees.

 

What Attacks Security and Integrity of Systems

There are three common ways our computers are attacked. They are:

Viruses

A virus is a software program or piece of code that infects a computer and reproduces itself to spread throughout the computer or to other computers. Viruses are spread through executable code, which means it must be activated to affect a system and spread. Viruses can sit dormant in a computer system until they are activated, either remotely or with a countdown in the code itself.

Malware

Malware is short for malicious software. There are different types of malware. A trojan is a type of malware that is surreptitiously downloaded with other software; trojans do not replicate as viruses do, but trojans are generally more malicious because they steal information and “phone home” that information to its master. The name “trojan” comes from the Greek mythology story about the Trojan Horse. Other malware might include spyware or adware, which track the computer’s user’s computing habits, history, or online shopping, browsing and buying. Spyware is intended to keep a record of the activity, while adware is intended to blast the user with targeted ads based on web browsing and online habits. Both usually do so without the user’s knowledge.

Phishing

Phishing is the name given for one of the worst computer crimes: identity theft. Phishing attempts usually come in the form of emails, instant messages or hacked websites. They direct the user to what appears to be a legitimate website or application. The user, assuming the website/application is legitimate, enters his username and password, which is promptly stolen.

Although it is increasingly difficult as crooks become more sophisticated, you can prevent viruses and phishing attacks. Some of the tips given below may require you to radically change your computer use and internet browsing. But if you have ever experienced a virus or trojan and tried to fix your computer after getting one, you probably realize very quickly that the ounce of prevention really was worth the pound of cure.

 

Maximize Security and Integrity of Systems

Harding University will maintain a site license and/or make available virus and malware detection and prevention software for personal computers and servers maintained by the University. University clients who have access to networked personal computers will have direct access to the currently supported virus and malware detection and prevention software. Employees will ensure that the virus and malware software installed on their personal computers is in accordance with this policy, and is not tampered with or removed.

The Manager of Network Services will monitor virus developments and ensure that clients have access to appropriate tools or information to enable them to protect their personal computers against possible infection by a computer virus or malware.

The Manager of Network Services will thoroughly investigate any report of a virus and malware infection or possible virus and malware infection. If the report is of a serious nature or the effect is widespread, the Chief Information Officer will be informed so that whatever measures are necessary to deal with the matter can be implemented.

Employees or students will not be asked to supply their username or password to anyone. If maintenance is required on your computer, other procedures will be enacted to carry that out. The Information Systems & Technology (IS&T) department will NOT ask you for your username or password – over the phone, in an email or other forms of communication.

Therefore, do NOT supply your username or password no matter how legitimate the request seems. Please see examples of emails that seem legitimate in which a username and password is requested. These are examples of phishing.

Phishing Examples

 

More Information

There are a lot of resources you can easily find that deal with this. One that is recommended is:

Federal Trade Commission – Online Privacy and Security

Contact Information