Practice of IA

(6.a.)

Institution's IA Security Plan/Policies

Jackson State Community College is a Tennessee Board of Regents (TBR) state institution; therefore, the College falls under the policies set forth by the TBR. In addition, Jackson State does have security related policies that are in place that meet the specific needs of the college. In some cases, these policies are derived from existing TBR policies.

The Jackson State College Student Handbook, found in the college catalog Pages 145 through 158, addresses many of the security policies that apply to enrolled students and college employees. (See College Catalog - http://www.jscc.edu/uploads/academic-affairs/catalog11-12.pdf).

Here is a list of some of these policies and the pages where they can be found in the catalog:

Student Rights – Procedure for and Release of Student Information and Privacy Rights of Students – Pages 146 - 147

Computer Misuse and User Responsibilities – Pages 149 – 151

TBR Monitoring and Inspection of Electronic Records – Page 151

TBR Policy and Procedures for Copyright Infringement – Page 152

In addition to the Student Handbook, there are several other security related policies, procedures and guidelines that are maintained by the Office of Information Technology (OIT). (See the link to OIT Forms - http://jwebdata.jscc.edu/oit/forms-emp.php).

Here is a list of these policies, procedures and guidelines:

Data Security

E-Mail Policy

Internet policy

Official Web Site Request

OIT – Downtime

OIT Resources

Password Change Procedure (E-mail)

Password Change Procedure (Windows)

Password Policy

PC Usage Policy

Unofficial Web Site Request

Web Policy

Wireless Policy

In response to the Federal Trade Commission statute on detecting and preventing identity theft, i.e. the Red Flag Rule (http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml), and the Tennessee Board of Regents (TBR) Identity Theft Prevention Policy (http://www.tbr.edu/policies/default.aspx?id=5698), Jackson State Community College has developed and implemented an Identity Theft Prevention Program .  An online course with a required exam has been developed. All Jackson State employees will be required to complete the Red Flag Rule course. Please refer to the memo from Jackson State Community College's Vice President of Financial and Administration Affairs that addresses the College's Red Flag Rule implementation progress: Red Flag Rule Memo

Jackson State also has additional safety information items that could indirectly impact information assurance. These include an Active Shooter PowerPoint, Evacuation for Fire or Bomb Threat, Gang Awareness PowerPoint, Gang Logo Information, Severe Weather and Community Emergency Response Team (CERT) information.

(6.b.)

Information System Security Personnel

Sonny Davis, Systems Administrator; and Linda Shirley, Technical Services Coordinator, share the responsibility of the network and information security. Here are the job descriptions for the Systems Administrator and Technical Services Coordinator:

The Systems Administrator is responsible for evaluating, designing, implementing, managing, troubleshooting, and documenting server resources, directory services, messaging services, network services, network applications, and security services. The Systems Administrator assists IT staff in providing advanced technical support for workstation hardware and software issues and support for database development, network connectivity issues, server operating system and configuration issues, and other support issues as they may arise.

The Technical Services Coordinator maintains all computer technology in offices and classrooms as well as the network needs of the main and sister campuses. In addition, the Technical Services Coordinator is responsible for analysis, design and administration of the campus network. This would also involve troubleshooting and repair of any network problems, installation and termination of fiber optics and CAT6E cable, and installation, programming and maintenance of all network routers and switches.

Amy West, Director of Human Resources, is the security officer for the HR and Payroll Data in Jackson State Community College’s Banner ERP system.

Robin Marek is the security officer for the Student data in Jackson State Community College’s Banner ERP system.

Dewana Latimer, Director of Financial Aid, is the security officer for the Student Financial Aid data in Jackson State Community College’s Banner ERP system.

Tim Dellinger, Director of Business Services, is the security officer for the Finance data in Jackson State Community College’s Banner ERP system.

Dee Henderson, Executive Director of Institutional Advancement, is the security officer for the Alumni and Advancement data in Jackson State Community College’s Banner ERP system.

(6.c.)

Implementation of IA Security Plan and IA Awareness

Training

Jackson State Community College faculty and staff are required to participate in training sessions involving information security on an annual a basis. This training comes in the form of security briefings at inservice meetings at the beginning of each semester. This discussion includes topics such as physical security, identity theft, Family Educational Rights and Privacy Act (FERPA) and other related security issues. The briefings are conducted by Darron Billings, Environmental Health and Safety Training Coordinator. On occasion, local law enforcement and/or emergency management personnel are invited to speak on related security subjects.

JSCC employees are also required to participate in computer-based online training as required by Tennessee Board of Regents policy. This includes various safety related topics and Department of Homeland Security training. This course addresses various information assurance topics. As noted in Section 6.a., there is a new Red Flag Rule training required for all employees. Here is a link to the course access instructions:

Red Flag Rule Training Instructions

Security Banners

Warning Banners are used on all employee and student computers at all JSCC locations that make the user aware of IA security. The current banner states:

UNAUTHORIZED USE PROHIBITED.

ATTENTION: IF YOU HAVE NOT ACTIVATED YOUR NETLOGON, PLEASE LOGON USING THE USER 'netlogon_help' WITHOUT A PASSWORD. WHEN YOU COMPLETE THE PROCESS, PLEASE LOGOFF AND THEN LOGON USING YOUR NEW NETLOGON.

This system is the property of Jackson State and is part of the institution's Information Technology resources. Use of this system implies acceptance and compliance to all applicable policies of Jackson State, the Tennessee Board of Regents, and the state of Tennessee and all applicable local, state, and federal laws.

System activities may be monitored for administrative and security purposes. Use of this system implies consent to such monitoring and acceptance of responsibility to preserve the confidentiality, integrity, and availability of the resources accessed.

NOTE: Unauthorized copying or distributing of proprietary music, video, software

Security Related Help

Jackson State’s web site contains a link to computer security related information/help. The Computer Security Link provides information with regards to what actions to take if a user receives “strange emails” that might contain viruses. The link also provides information about how to identify Phishing emails that attempt to gather personal identity information (social engineering) for identity theft purposes, information about False Positives (I didn’t send an email to …), cautions regarding legitimate update and patches and the implementation of Spyware protection.

Forms, Policies and Guidelines

The Office of Information Technology maintains a link to computer related employee forms, policies and guidelines.

Community Emergency Response Team (CERT)

Jackson State formed a Community Emergency Response Team (CERT) several years ago. The CERT members are key personnel located in all areas of the campus that have been trained to respond appropriately during times of emergencies. For example, during severe weather warnings, CERT members are responsible for assuring that all students and employees are notified and directed to safe areas.