Policies, Security, and Responsibilities
The links below provide an overview of some of the most important IT policies covering security and your responsibilities as an IT employee at Cornell.
You are obligated to do your work in compliance with University Policy 5.10, Information Security.
- 5.4.1 Security of IT Resources: Faculty, staff, and students must share in the responsibility for the security of information technology devices.
- 5.3 Use of Escrowed Encryption Keys: Cornell must preserve and protect administrative information transmitted and stored on its systems in order to maintain and preserve its institutional assets and to comply with applicable federal and state legislation.
- 5.4.2 Reporting Electronic Security Incidents: Prompt and consistent reporting of electronic security incidents protects and preserves network and communications resources and aids the university's compliance with applicable law.
- 5.7 Network Registry: Cornell's Network Registry policy requires all devices connected to the network to be registered in a central network registry maintained by CIT.
- 5.8 Authentication to IT Resources: Rules for electronic identifiers, passwords, and minimum authentication standards for categories of institutional data.
- 5.1 Responsible Use of IT Resources: Cornell University has policies and codes that define responsible use of computers and networks. There are also federal, state and local laws governing many interactions that occur on the Internet.
5.9 Access to Information Technology Data and Monitoring Network Transmissions: This policy contributes to the protection of confidential and legally protected data and to the fostering of an environment of trust for and about the university's network.
- 5.2 Mass Electronic Mailing: University policy applies if you want to send a message to ALL members of a set of groups. CIT also offers a bulk mailing service to mitigate risks associated with mass mailings.
- 5.5 Stewardship & Custodianship of Electronic Mail: Rules for disclosing to third parties the contents of electronic mail transmitted and stored on the university's network.
- Information Security: Website for staff and faculty containing the latest IT security news, links, and how to get help.
- CIT Attestation (restricted to CIT staff)
- Use Spirion to scan computers for confidential data, such as Social Security numbers or credit card numbers.