IT Security – Tufts Audit and Management Advisory Services

This section contains information on IT security and includes links to internal Tufts websites about the subject. Visit UIT’s GuardIt website for more complete information on IT security at Tufts.

What IT security issues should I be aware of?
Your school/division/organization’s front-line service provider (FSP) can assist you with virus protection and computer security settings. Browse the university’s Front Line Service Providers. Also refer to UIT’s index of security services, standards, issues, and resources.

What should I know about University network services and safe computing in the Tufts local area network (LAN) environment?
Tufts invests significant resources to ensure the security of electronic data and desktops connected to the Tufts network. Although not all of these security controls may be present or activated on your particular system or application, the University strives to implement appropriate security control measures to reduce the risk of unauthorized access to confidential information. For questions, additional information, or to request a security consultation for your department, contact Information_Security@tufts.edu or call (617) 627-6070.

What can I do to reinforce secure and safe computing practices at Tufts?
In the Tufts computing environment, the most important source of IT control is user information security awareness and communication. A user should aim to identify security weaknesses such as: using “weak” passwords, sharing passwords, failing to install virus protection, responding to “phishing” schemes, leaving computers operating while unattended, failing to log-out of systems when no longer in use and installing programs from un-trusted sites infecting, monitoring and virtual takeover of desktop computers). Once identified, communicate these weaknesses to appropriate technology personnel (your FSP or the UIT Support Center) in order to help the University to maintain a safe and secure computing environment.

What should I know about user password management and best practices?
Passwords used to access sensitive applications and data should be private, not shared with others and meet minimum basic standards that reduce the likelihood of their compromise. Adoption of a password that is not readily “guessable”, not a commonly used term (e.g., last user name, sports teams, Tufts-related words such as Jumbos, elephant) or generic (e.g., password, guest, student, etc.), is a “non-dictionary” term and includes eight (or more) alpha-numeric characters in length is the most effective control we have to control access to Tufts’ applications, systems and confidential data.

Default passwords shipped with certain IT hardware and applications should always be changed or disabled when installed. Passwords should not be displayed or affixed to the side of terminals, under keyboards/mouse-pads or other common “insecure” areas. Refer to the UIT “Creating Strong Passwords” guidelines for more information.

Has Tufts adopted any general policies related to my responsibilities as a user of Tufts’ computing IT resources?
The University has adopted a series of policies regarding appropriate use of University IT resources at the following websites:

If I have a question about audits of IT security, can I contact Audit and Management Advisory Services (AMAS)?

AMAS always welcomes inquiries about IT audit and security issues. If you should have questions about information contained herein or wish to suggest an appropriate area for IT audit services, please contact the Director of Audit & Management Advisory Services, Seth T. Kornetsky, at 617-627-2068 or seth.kornetsky@tufts.edu or Senior University Auditor/IT Controls Specialist, William L. Woodfin, at 617-627-2607 or william.woodfin@tufts.edu and they will be glad to assist you with any queries or concerns.

Return to top

			Search GO > this site tufts.edu people

	Welcome About Us Letter from the Director Mission Charter Staff and Organization Internal Auditing Introduction to Services Tips for a Smooth Audit Types of Audits The Audit Process Online Risk Assessment AMAS Internal Control Awareness Award Controls & Compliance Internal Controls Institutional Compliance Ethical Business Conduct Fraud Prevention IT Security Resources Best Practices Management Resources Student Resources News & Links Audit Newsletter Tufts Links External Links Contact Us
	Controls & Compliance Internal Controls Institutional Compliance Ethical Business Conduct Fraud Prevention IT Security	IT Security This section contains information on IT security and includes links to internal Tufts websites about the subject. Visit UIT’s GuardIt website for more complete information on IT security at Tufts. What IT security issues should I be aware of? Your school/division/organization’s front-line service provider (FSP) can assist you with virus protection and computer security settings. Browse the university’s Front Line Service Providers. Also refer to UIT’s index of security services, standards, issues, and resources. What should I know about University network services and safe computing in the Tufts local area network (LAN) environment? Tufts invests significant resources to ensure the security of electronic data and desktops connected to the Tufts network. Although not all of these security controls may be present or activated on your particular system or application, the University strives to implement appropriate security control measures to reduce the risk of unauthorized access to confidential information. For questions, additional information, or to request a security consultation for your department, contact Information_Security@tufts.edu or call (617) 627-6070. What can I do to reinforce secure and safe computing practices at Tufts? In the Tufts computing environment, the most important source of IT control is user information security awareness and communication. A user should aim to identify security weaknesses such as: using “weak” passwords, sharing passwords, failing to install virus protection, responding to “phishing” schemes, leaving computers operating while unattended, failing to log-out of systems when no longer in use and installing programs from un-trusted sites infecting, monitoring and virtual takeover of desktop computers). Once identified, communicate these weaknesses to appropriate technology personnel (your FSP or the UIT Support Center) in order to help the University to maintain a safe and secure computing environment. What should I know about user password management and best practices? Passwords used to access sensitive applications and data should be private, not shared with others and meet minimum basic standards that reduce the likelihood of their compromise. Adoption of a password that is not readily “guessable”, not a commonly used term (e.g., last user name, sports teams, Tufts-related words such as Jumbos, elephant) or generic (e.g., password, guest, student, etc.), is a “non-dictionary” term and includes eight (or more) alpha-numeric characters in length is the most effective control we have to control access to Tufts’ applications, systems and confidential data. Default passwords shipped with certain IT hardware and applications should always be changed or disabled when installed. Passwords should not be displayed or affixed to the side of terminals, under keyboards/mouse-pads or other common “insecure” areas. Refer to the UIT “Creating Strong Passwords” guidelines for more information. Has Tufts adopted any general policies related to my responsibilities as a user of Tufts’ computing IT resources? The University has adopted a series of policies regarding appropriate use of University IT resources at the following websites: Tufts UIT Responsible Use Policy Tufts UIT Security Resource Policy Tufts Overview of Your Rights and Responsibilities in CyberSpace If I have a question about audits of IT security, can I contact Audit and Management Advisory Services (AMAS)? AMAS always welcomes inquiries about IT audit and security issues. If you should have questions about information contained herein or wish to suggest an appropriate area for IT audit services, please contact the Director of Audit & Management Advisory Services, Seth T. Kornetsky, at 617-627-2068 or seth.kornetsky@tufts.edu or Senior University Auditor/IT Controls Specialist, William L. Woodfin, at 617-627-2607 or william.woodfin@tufts.edu and they will be glad to assist you with any queries or concerns. Return to top Tufts EthicsPoint Hotline 1-866-384-4277 Tufts EthicsPoint Important Links Tufts Business Conduct Policy University Policies and Procedures
Tufts \| InsideTufts \| Directions \| Find People \| Contact Copyright © 2012 Tufts University