IT Security Policy Report: Student Account Handling at University

Verified

Added on 2023/01/18

AI Summary

This report delves into the crucial aspects of IT security policies, specifically focusing on student account management within a university context. It outlines the importance of robust security measures to protect sensitive information and prevent unauthorized access. The report discusses the necessity of well-defined policies to address potential threats, including those from disgruntled employees or external hackers. Key elements covered include user account handling, access rights, and responsibilities. The report emphasizes the need for clear procedures for account creation, expiry, and deletion, especially when students leave the institution. It also highlights the significance of user account responsibility, ensuring that students understand their roles in maintaining security. Furthermore, the report stresses the importance of physical and network security to prevent data breaches and system damage. The conclusion reinforces that technology alone is insufficient and that clear, specific policies are vital for effective network security. The report provides a framework for designing and implementing security policies, ensuring the protection of valuable information assets.

Running head: IT SECURITY POLICY
IT SECURITY POLICY
Name of Student
Name of University
Author’s Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1IT SECURITY POLICY
Introduction
A policy usually means a particular document which defines the way a specific
organization details with various aspects of security of the most important asset, information
(Peltier, 2016). The policies might vary in nature as well as operations, some policies might be
regarding the behavior of end user, the response of IT to various incidents, policies can also be
designed for various incidents and issues. Some user policies include passwords, use of internet,
and attachments in email, instant messaging and many more (Safa, Von Solms & Furnell, 2016).
Some system admin policies include new policies, departing employees, access control, change
control and many more.
Discussion
An IT security policy is responsible for outlining the key items in a particular
organization which requires to be protected. This can include the network of the company, its
building and many more. The policies should outline various potential threats to the items (Han,
Kim & Kim, 2017). If the policy focuses on cyber security, threats might also include those that
form the inside like possibility which disgruntled various employees. This would help in sealing
data or have the chance to launch a particular internal virus on the network of the company.
Designing a policy is very important because hackers that do not belong to the company might
penetrate the organization’s system as well as cause breach of data, change the saved data and
sometimes steal it as well. The physical damage to the computer systems might also take place.
The implementation of policies helps an organization in determining the ways by which they can
prevent these threats (Larivé, 2016). Instituting various policies along with the strong network
and physical security might be some safeguards. In order to design a security policy, it is
necessary to make a plan for what needs to be done when a threat materializes.

2IT SECURITY POLICY
The policy of security must be provided to everyone in the organization. Along with this,
the process of safeguarding the data must be reviewed on a regular basis and is updated when
new people are boarded for various purposes (Kuypers, Maillart & Pate-Cornell, 2016). The
security policies strictly consider the fact that the details regarding a particular user would not be
accessed by other users until and unless it is actually required. Besides this when new users are
added the user accounts also need to be added and along with a member’s dismissal the account
needs to be deleted or disabled depending on the type of dismissal (Biscop, 2016). In case the
dismissal is temporary in nature, the account is not removed but disables so that no other user
can use it and in case of permanent dismissal, the account is permanently deactivated.
The specialized student scenario that has been selected for this particular purpose is a
student who is leaving. The steps that can be used in order to design the policy are as follows
Step 1: IT security polices for handling use accounts or rights for a student. IT security
deals with protecting various computer systems from a damage or theft related to information,
software, hardware and misdirection for various services that they provide.
Step 2: one of the policies related to security that IT provides includes user/rights. The
policies which can be written for the purpose of handling various user accounts are protection of
user accounts, expiry as well as deletion of the user account, responsibilities of user accounts,
user accounts should reside within the particular system that has been authorized by the team of
IT (Hoffmann, Kiedrowicz & Stanik, 2016). The user accounts as well their access should agree
to the condition of the use that has been put forward by the department of IT.
The IT policies which would be applicable in case a student leaves prematurely are as
follows

3IT SECURITY POLICY
Step 3: expiry and deletion of various user accounts. User accounts must be terminated
or deleted automatically when a particular course is completed or when a specific student
withdraws from the course that was being perused by them and is no more needed (Spooner,
Demurjian & Dobson, 2016). This can be done through the changes in the part of authorization
or deleting that particular account in case no more privilege is needed.
Step 4: user account responsibility. A student who is usually working as an assistant for
the members of faulty present in an institute would be provided with some special privileges as
compared to other students in the institute (Peltier, 2016). When these students leave the
university, they must hand over the responsibilities fulfilled by them, accounts of users along
with their passwords to the authority that is concerned. The accounts for log on to any server in
the intranet or many more resources are actually deactivated.
Step 5: user accounts should be resided within various systems that are authorized by the
team of IT. Students who usually work as assistance when they have already dropped out from
the course, temporarily must handover their user accounts to concerned and back with faculty
concerns he must take the responsibility of handling the accounts of the users.
Step 6: cases when student work as assistance after being dropped from a particular
course or not, before leaving at any sort of circumstance or time must disclose the login IDs as
well as passwords. IT Policies would not ask user IDs as well as policies in any situation. It
depends on the student for maintaining secrecy of their login IDs and the passwords.
Conclusion
From the above assignment it can be concluded that the technology cannot be considered
as enough for ensuring network. Clear and specific policies are very important which would
detail the procedures on the network. The policies should cover employee computer resource

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4IT SECURITY POLICY
use, outgoing employees, new employees, access rights, responding to an emergency and how a
particular security code in the applications as well as websites. User policies are supposed to
cover the aspects of how a user is expected to use company technology. In various cases like
instant messaging and web use, policies might be difficult to enforce. In case the policies do not
follow a specific area of technology then they would face difficulty in taking any action against
the employee that performs a particular misuse.

5IT SECURITY POLICY
References
Biscop, S. (2016). The European security strategy: a global agenda for positive power.
Routledge.
Han, J., Kim, Y. J., & Kim, H. (2017). An integrative model of information security policy
compliance with psychological contract: Examining a bilateral perspective. Computers &
Security, 66, 52-65.
Hoffmann, R., Kiedrowicz, M., & Stanik, J. (2016). Risk management system as the basic
paradigm of the information security management system in an organization. In MATEC
Web of Conferences (Vol. 76, p. 04010). EDP Sciences.
Kuypers, M. A., Maillart, T., & Pate-Cornell, E. (2016). An empirical analysis of cyber security
incidents at a large organization. Department of Management Science and Engineering,
Stanford University, School of Information, UC Berkeley, http://fsi. stanford.
edu/sites/default/files/kuypersweis_v7. pdf, accessed July, 30.
Larivé, M. H. (2016). Debating European security and defense policy: understanding the
complexity. Routledge.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model
in organizations. Computers & Security, 56, 70-82.
Spooner, D. L., Demurjian, S., & Dobson, J. (Eds.). (2016). Database Security IX: Status and
Prospects. Springer.