[ BEN Financials ]
Section 1. University Security
Security & Access
Overview
There are two important areas to consider when thinking of data security. One is protecting data,
especially sensitive data, from compromise. Data is compromised when an unauthorized individual reads or changes it.
The second area is protecting the use of personal IDs. Each BEN Financials record is stamped with
the logon ID of the person who entered or modified the record. If someone other than the user enters or
modifies data using his/her logon ID, the user is held responsible for the changes.
It is the responsibility of all BEN Financials users to be familiar with and follow the advice in the
brochure "Information Security at Penn" available at:
www.upenn.edu/computing/security
Logon IDs
Logon IDs are used to identify the person responsible for entering and changing data in the
BEN Financials system. They are issued by a central authority granting access to a system or
application. BEN Financials Logon IDs are the same as the user's PennKey ID.
Passwords
Passwords are used to secure logon IDs from use by unauthorized individuals. Passwords
are created by the user. If carefully chosen and protected, the password is the user's best line
of defense for protecting data.
Protecting Sensitive Data from Disclosure
Sensitive or confidential data includes any data which could cause harm, either to the
University or to the subject of the data, if disclosed. Examples include payroll information,
medical information, performance appraisals, social security numbers, student records
(legally protected), etc.
Data can be compromised if a PC or laptop is stolen, diskettes or files are stolen,
someone sits down at an unsecured desktop computer (user logs on and leaves the area),
or someone obtains a password and abuses privileged data. Sensitive data (IDs and passwords)
can be captured while being transmitted over a network from the desktop to a server.
The user can prevent data compromise by securing computers and media - keep offices
locked, use locking file cabinets for storing removable media (disks, tapes, etc.) and use locking
screen savers. Ensure file sharing programs are properly installed for the user's computer (Macintosh
file sharing, Microsoft Windows 98, Novell).
Social Security Numbers (SSN) must be treated with confidentiality. Social security numbers
can be used to obtain a variety of personal data. Users can protect SSN confidentiality by:
- Using SSNs only for University purposes
- Always logging off when leaving a terminal unattended
- Shredding lists containing SSNs
Protecting Critical Data from Loss
Critical data should be backed up to guard against loss due to equipment failure or loss. Software does not need
to be backed up but the original diskettes should be stored in a safe place. Each user should determine how much
data he/she can afford to lose and then should back up data accordingly. Backups should be kept in a different
location. Use lock-down equipment on the computer if it is not installed in a locked office.
Note: BEN Financials data is backed up at the system level. This section is included to remind BEN
Financials users that data downloaded to desktop servers, Local Area Networks (LANs), DEC, UNIX or other
mainframes should be safeguarded from loss.
Computer Security Statement
To ensure that all computer users are aware of the security policies at the University, the following
statement will be reviewed and acknowledged by all computer users annually.
As an individual whose position requires interaction with any or all of the
University's administrative information systems, I understand that I may be
provided with direct access to confidential and valuable data and/or use of
data/voice systems. In the interest of maintaining the integrity of these systems
and of ensuring the security and proper use of University resources:
I will maintain the confidentiality of my password for all systems to which I have
access.
I will maintain in strictest confidence the data to which I have access. The
information viewed will not be shared in any manner with others who are
unauthorized to view such data.
I will use my access to the University's systems for the sole purpose of
conducting official business of the University. I understand that the use of these
systems and their data for personal purposes is prohibited.
I understand that any abuse of my access to the University's systems and their
data, any illegal use or copying of software, any misuse of the University's
equipment, may result in disciplinary action, loss of access to the University's
systems, and possible sanctions up to and including dismissal from the University.