- As a computer user of SCS Personal Homepage and FTP Service, you are automatically governed by the document GEN002 Computer Network - Policies and Guidelines on Access and Usage. Special attention should be paid to 3.8, 5.1, 5.6 & 5.8 of the Policy.
- Users are encouraged to publish home pages to illustrate their academic/research/teaching work, and list awards they have achieved.
- Users are encouraged to publish their home pages to introduce University activities, their work or study, special projects, or aspects of the community which they serve.
- Users home pages should not directly or indirectly include any pornographic and indecent materials.
- Users home pages should not point directly to anything objectionable, nor should they link/contain pictures, sound or language that are contrary to established policies in the campus & community.
- Posting materials that violate existing laws or the University's Codes of Conduct may lead to being disciplined by the Government, the University Council or the authorized organizations. Special attention should be paid to the laws regarding Copyright, Patent and Trademark.
- Users should exercise judgment in designing the pages, and should not cause the waste of computing resources and security problems of the SCS Personal Homepage and FTP Service during the period of development & production.
- It is the responsibility of the users to ensure that the contents of his/her home pages are appropriate and do not incur anger or inconvenience to anyone/organizations.
- Users are NOT recommended to store large files, personal belongings, and not allowed to store any pirate item in the SCS Personal Homepage and FTP Server. If the files are important, users should make their own copy in other places. SCS Personal Homepage and FTP Service are just for convenient use, not for permanent storage.
SCS reserves the right to make further amendments to these guidelines at any time.
Guidelines for Securely Using Mobile IT Devices and Removable Storage Media
Mobile IT devices can be laptop computers, personal digital assistants (PDAs) and smart phones. Removable storage media can be external hard drives, memory card, CDs, DVDs and universal serial bus drives (a.k.a. memory sticks and thumb drives).
These handy portable devices are usually small. They can be lost or stolen easily. The following guidelines document various ways to securely manage these devices when they are used to store sensitive and restricted information.
Below are the major guidelines:
- Storage of sensitive and restricted data on portable devices should be avoided or limited to the minimal quantity required to accomplish the business purpose.
- Use a strong password to protect the access to the portable devices. This will make reading your data difficult and may deter a less skillful hacker. The password should be changed regularly.
- Encrypt sensitive and restricted data stored in portable devices to lower the risk of disclosing the data. For more information about encryption software or secure portable devices, please feel free to contact us.
- Do not let mobile devices with sensitive data be left unattended or be shared with unauthorized persons. They should be in the possession of an authorized person at all times or be physically locked away.
- Carry out back-up of data in portable devices to another secure media regularly.
- In disposing obsolete mobile storage, degaussing or physically destroying is recommended.
- Remove all sensitive and restricted data in the mobile storage before sending to reliable service providers for repairing. Service providers should normally sign a confidentiality agreement (see attachment) to demonstrate due diligence.
- Install anti-virus and malicious code detection software and perform regular scanning.
- Immediately report any loss, theft or unauthorized access of mobile storage containing sensitive and restricted data to the Director, Division Heads or IT Support Team of SCS.
The abbreviations and terms used in this document have the following meaning:
"mobile IT devices" are IT devices like laptop computers, personal digital assistants (PDAs) and smart phones.
"removable storage media" is memory for storing data such as external hard drives, memory card, CDs, DVDs and universal serial bus drives (a.k.a. memory sticks and thumb drive).
"portable devices" refers to all mobile computing devices and removable storage media.
"sensitive data" means information generally used internally by authorized users or externally by authorized partners for business needs. It includes security-sensitive information.
"restricted data" is data restricted by law and legal contract such as personal data. It also includes information which enables the access to sensitive data such an access password.
"personal data" means any data
a. Relating directly or indirectly to a living individual;
b. From which it is practicable for the identity of the individual to be directly or indirectly ascertained; and
c. In a form in which access to or processing of the data is practicable
"strong password" can be set by following the rules below
a. Set your passwords with at least eight characters composed of random letters, digits and symbols;
b. Use different sets of password in different systems, and;
c. Never use dictionary words and personal related information such as name, date, telephone number, HKID and user ID, etc.
*** Adapted from the relevant guidelines published by ITSC of CUHK on 16/5/2008 ***