The purpose of software security is to assure employees' access to the computing resources and data needed to conduct University business while protecting those resources to ensure availability, reliability and integrity.
In addition, the following specific actions and use of Purdue University information and resources are improper:
Each person requiring access to Purdue University computing resources is given a unique User-ID allowing access to those resources. Users are responsible for all activities involving their personal UserID. Do not share passwords. Shared or group UserIDs are not permitted.
Currently, password is the primary mechanism used to secure access to software and data. For this reason passwords must be stored in protected locations, must not be shared and must not be viewable in clear text. The use of strong passwords must be enforced. A strong password is:
Staff using Purdue computers and/or workstations must activate and utilize a password protection method to secure their workstation. It is expected that any user of one of these devices will activate a lock facility prior to leaving the machine unattended.
Purdue University uses access controls and other security measures to protect the confidentiality, integrity, and availability of the information handled by computers and communications systems. In keeping with these objectives, management maintains the authority to:
This authority may be exercised with or without notice to the involved users.
User-IDs may be granted to specific users only when approved in advance by the user's immediate supervisor. Prior to being granted to users, business application system privileges must be approved by the involved information owners.
All Purdue University computing systems privileges must be promptly terminated at the time that a worker ceases to provide services to Purdue University. When a workers responsibilities change, their computing system privileges must be adjusted as appropriate.
Management must clearly specify in writing the assignment of stewardship and custodian responsibilities for databases, master files, systems and other shared collections of information.
Management must establish specific written policies regarding the categories of people who will be granted permission to access various types of information. These policies must also specify limitations on the use of this information by those to whom access will be granted.