Information Security at UVa
Tip of the Month: Minimize sensitive data. Destroy your records when they've met their retention date... Find more tips about minimizing sensitive data
Find out about practices, policies, and other aspects of security relevant to your role(s) at UVa:
- Personal computer user
- Server or network administrator/LSP
- Department manager/Principal Investigator
Responsible Computing Tutorial for Faculty and Staff
The Information Security, Policy, and Records Office (ISPRO) has released an updated version of UVa's Responsible Computing Tutorial for Faculty and Staff (previously known as “IT Security Awareness Training”).
Taking the tutorial is an annual requirement. Many UVa staff and faculty have completed a version of this training at some point over the years, but only a small percentage have taken it within the last year. We are therefore implementing an automated process ensuring that University users complete this tutorial on an annual basis, keeping them up-to-date on information security and their roles and responsibilities.
Though all are welcome to complete the tutorial at any time, beginning Tuesday, January 10, 2012, we will begin rolling out reminders via the NetBadge interface to those staff who have not completed the training within the last 12 months. The reminders will be activated for a rolling subset of staff based on alphabetically-sorted computing IDs, a few hundred per day.
Staff for whom the reminders have been sent will, upon logging into NetBadge, see a notice and a link to the tutorial. They may complete the tutorial immediately, or any time within a two-week grace period. At their first NetBadge login attempt after the grace period expires, they will be required to finish the tutorial before being allowed to proceed with the login to their desired Web application.
The reminder feature will be activated for staff only in January. Faculty are welcome to take the tutorial, but will not be required to do so at this time. We plan to roll out faculty-specific training in the spring, at which time faculty will be reminded via the same process.
Once the initial rollout is complete, all staff will subsequently receive a similar reminder one year after their last completion of the tutorial. For example, a staff member who last completed the tutorial March 12, 2011 will receive a reminder (with a two-week grace period) on March 12, 2012.
Institutional Data Protection Standards
The University's outline requirements for handling and protecting all the University's institutional data, whether the information is highly sensitive, moderately sensitive, or not sensitive. For a downloadable copy of the current version of the standards (Adobe PDF format) visit the Data Protection website.
Suspicious Email Alerts Website
Want to know if that weird email message you received is a scam or spam? The Suspicious Email Alerts Page will help you check to see if what you've received is similar to other suspicious or fraudulent emails, phishing scams, or schemes to commit identity theft that are currently circulating at UVa. To make it even easier, subscribe to these security alerts and warnings via an RSS feed.
Remember, if you receive an email with text similar to these messages, DO NOT respond—delete it immediately! Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way. If you receive an email that appears “phishy” and are unsure if it's legitimate, and it is not listed, please report it to us; forward it to our email abuse team.
Highly Sensitive Data Protection Policy
The University's highly sensitive data policy, strictly limiting the circumstances under which sensitive data may be stored on individual-use electronic devices and media, and mandating that strict security requirements be met when such storage is unavoidable. It is the responsibility of individuals to determine if they have highly sensitive data on their device(s) and media and, if so, to ensure compliance with this policy.
