The CQU Computer Security Committee was reconstituted in 1991 to "reflect the increasing need to render use of all mainframe machines and the micro/terminal rooms more secure from misuse, damage and general silliness". Item A5 in the CQU Staff Manual details the terms of reference for the Committee and its reporting structure through the Vice-Chancellor's Advisory Committee (VCAC).
In 1994 Council approved the adoption of a university policy and code of conduct (University Policy: Information Technology Security and Code of Conduct: Information Technology Security, available at http://www.cqu.edu.au/documents/compsec/itsec.html). This policy, modelled after a similar policy at University of Sydney, is implemented through appropriate subsidiary policies and operational procedures developed by divisions, faculties, departments, campuses, and other operational units.
Information technology, and therefore information technology security, is an area where the only constant is change itself. Since the university has also been, and continues to be, in a state of change and growth, it has been difficult for individual units to implement appropriate policies and procedures. Participants at an implementation workshop early in 1995, for example, requested sample procedures and other aids to assist them in implementing the policy.
The Committee has posted the Policy and Code of Conduct on the CQU WWW pages and in every university controlled laboratory, and initiated a series of 'tip' sheets (currently E-mail: The Electronic Postcard, Making Backups a Regular Routine, and Password Use and Selection). These guidelines are another step towards meeting that need.
It is a characteristic of the computer security community that materials and information are freely exchanged whenever possible. We wish to acknowledge COACH's generosity in providing permission to adapt their guidelines to a university setting.
It has been suggested that the document would be more proactive if it had been written using shall be done, rather than should be done. That is probably true. In presenting this document as a set of guidelines, however, we are leaving the responsibility for implementation with the operational units. It is, therefore, the responsibility of each Faculty, Division, or other operating unit to implement (and enforce) those procedures which are appropriate to your individual situation.
The CQU Computer Security Committee asks only that you consult with us as appropriate, and that you provide us with copies of the policies and procedures which are adopted by your unit so that we can maintain a record of institutional policies and procedures.
A C Lynn Zelmer
Chair, CQU Computer Security Committee
April 1996
Contents
Background:
[1]
[2]
[3]
_Section:
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
_Annex:
[1]
[2]
[3]
[4]
[Index]
Guidelines for Computer Security at CQU, A C Lynn Zelmer, PhD; Editor/Adaptor
Copyright © 1996 CQU Computer Security Committee
Central Queensland University Home Page