Abe
Essay by review • November 30, 2010 • Essay • 268 Words (2 Pages) • 1,068 Views
Individual Responsibilities
Plans must address requirements for individuals accessing or processing Restricted Data so as to comply with basic responsibilities for campus data in general, as required by the provisions of the DMUP. In particular, Plans must specify requirements to be implemented within departments or units to ensure that individuals will be able to protect Restricted Data. [4] This includes ensuring that:
o passwords or other instruments that allow access to Restricted Data are protected;
o physical security of computers housing Restricted Data is protected;
o logical security of computers, operating systems and applications that house, or provide access to, Restricted Datas is protected;
o Restricted Data is removed from computers that are disposed of. [5]
Data Stewardship
Departments/units may be accessing, processing, or storing Restricted Data owned by the campus or by outside entities. The Data may be under their own proprietorship or the proprietorship of another department. Security plans must meet the minimum-security requirements of all relevant Data Proprietors.
Access Control
a. Plans must describe a secure access control method to ensure that only authorized users are able to view or modify Restricted Data. Described access control methods must:
i. authenticate the identity of a user requesting access to Restricted Data,
ii. authorize or deny access to the Restricted Data based on that identity, and
iii. produce a log of the user's identity and the actions taken.
b. Plans shall ensure that activity log data will be used in compliance with user privacy protection provisions of the University of California Electronic Communications Policy. [6]
c. Plans shall require that this access control mechanism be tested and maintained on a regular basis to ensure its integrity.
...
...