Recommendation 10: The University, with leadership from the OVPIT, must continue to develop policies and implement procedures that protect the security of IU's information technology resources and institutional data, safeguard personal privacy, and respect intellectual property rights, while at the same time promoting two traditional university values associated with academic freedom: access to information and freedom of discourse.
Action 66. The University should develop clear and forceful policies to address the management and protection of information and the security of IT resources.
The Information Technology Policy Office (ITPO) and University Information Services (UIS) Division have developed a plan to establish a Data Administration/Information Management function within OVPIT/UITS. The proposal to establish this function was approved in December. The Data Administration/Information Management unit will work with data management committees (Committee of Data Stewards, Committee on Institutional Data), University business areas, University archivists, library staff, technicians, and others to develop policies, procedures, and education programs related to appropriate protection, use, and retention of institutional data.
Action 67. UITS, with the Committee on Institutional Data and others in the University community, should develop security mechanisms that properly enact institutional policy. Implementation of these security mechanisms should include risk assessment, audit and controls, and education and awareness. UITS should focus special attention on providing reliable authentication and access management systems.
The Information Technology Security Office (ITSO) has undertaken an initiative to increase the scope and capacity of security services provided to all campuses by the ITSO. These security services include intrusion detection, risk assessment, scanning network-connected computers for vulnerabilities, initiation and coordination of incident response, and provision of security information resources to all campuses. Major upgrades to security services will be in place by February 2000.
Authentication and access control systems are a central component of IT security. Establishing a University-wide Global Directory service is a critical first step toward a University-wide common authentication service. The multi-campus Global Directory Services team has identified username conflicts among all members of the University community (i.e., situations where two or more users on different campuses have the same username). These conflicts must be resolved before a global authentication mechanism can be implemented. Work is under way to resolve these conflicts and each member of the IU community should have a unique University username by March 2000.
Action 68. UITS should collaborate with the Copyright Management Center on developing policies and programs that advance the use of information technology and information resources, especially in areas of teaching and research, while limiting the University's liability exposure regarding intellectual property rights.
The University ITPO has been working in collaboration with the Copyright Management Center and University Counsel on matters related to intellectual property and copyright. This collaboration has led to the registration of an agent with the US Copyright Office (August), as encouraged by the Digital Millennium Copyright Act. This agent (the University IT Policy Officer) is the contact for all IU campuses, and will receive and coordinate the resolution of complaints of alleged copyright infringement by members of the IU community. Specific University procedures regarding intellectual property and copyright are being developed and will be published by February 2000.
IX. Digital Libraries | Table of Contents | Contacts
January 2000
http://www.indiana.edu/~uits/cpo/accomplish/l.html
Comments to ovpit@indiana.edu
Copyright © 2000, the Trustees of Indiana University