At PSI, users are responsible for being security conscious and for adopting the computing security rules, not just to protect their own systems and data, but also to help protect the PSI community.
You, the user, are the best defense against cyber attacks. Attackers have learned that the easiest way to get passwords or confidential data is to target you, not your computer or other devices. If attackers want your password, work data or control over your computer, they will try to trick you into giving them access.
It is essential that you read and comply with the following IT House Rules at PSI. This also applies to guests and users who use PSI computing resources from home or other internet sources.
IT House Rules at PSI
1. Adhere to applicable rules
- Inform yourself regarding the applicable rules, especially the Usage and Monitoring of IT Resources at PSI (AW-95-06-01).
- Be aware that you are responsible for your actions.
- Respect the privacy of others.
2. Avoid the misuse of systems and passwords
- Select passwords which are difficult to guess. Keep them secret and follow the password rules.
- Use a password manager, a specialized program that securely stores all your passwords.
- If possible, enable multi-factor authentication (MFA).
- Use a password-protected screen saver whenever you leave your workplace.
- Log out or turn off computers when you are absent or do not need to use the system.
3. Think and act with foresight
- Make sure virus scanner software is updated regularly. Never disable such security features.
- Ensure that systems and applications are up to date (patches, updates, etc.).
- Turn off unnecessary applications and services if you don't need them for your work.
4. Handle information and systems with care
- Don't leave mobile devices (laptop, smartphone) unattended.
- Protect important information (such as personal data) from misuse.
- Regularly back up important data in a safe place.
5. Use only legally obtained (licensed) products
- Respect copyright and license restrictions of applications and data.
- Only use programs and data for which you are authorized and for their intended use.
6. Use email and internet cautiously
- Never forget that emails can include links to unsafe web sites and that email attachments can include potentially harmful programs (malware).
- Programs and data downloaded from the Internet should be handled with care and in adherence to the contractual terms of the product.
7. Protect yourself during home office
- Change the default administrator password of your router.
- Only allow people you trust to access your WLAN.
- Use a secure password for your WLAN which is different from the administrator password.
- Make sure family and friends understand that they are not allowed to use your work devices.
8. Report incidents immediately
- Consider offenses against integrity and confidentiality as incidents.
- Report security-related incidents to the PSI Helpdesk.
- Report (possible) virus infections to the PSI Helpdesk.
- ISSP (Information Systems Security Policy)
- AUP (Acceptable Use Policy)
- Data Classification / Data Policy
- Roles and Responsibilities