Computer Security Information
Recent Updates
Announcement
VITA Required Information Security Changes
The College is mandated by the Commonwealth of Virginia to comply with the information security standards, SEC501-01 Revision 4, as established by the Virginia Information Technology Agency (VITA).
The following standards will be implemented:
- Local administrative rights on office computers will be discontinued. You will not be able to install software, etc., on these computers any longer. This measure will reduce the risk of computer viruses from having the ability to install themselves onto your office computers. As you know, viruses can create havoc for everyone. Please submit work orders to Technology Services for future installations and software changes.
- Legacy POP3/IMAP methods of connecting to our College e-mail server will be discontinued. This affects e-mail linking to any device that uses these methods (PDAs, for example). These older methodologies send data in clear text, and therefore, enable anyone to view or alter your data during transmission. However,
- You can still use Outlook Web Access to view your e-mail remotely, and
- Technology Services has scheduled March 1, 2009, for implementing newer technology to replace the POP3/IMAP functions.
- USB storage devices inherently increase the risk for private data to be lost or stolen. Technology Services has encryption software available for all College-owned USB thumb drives, USB hard drives, and computer laptops. To reduce the risk of private data loss, all offices are to only utilize College-owned/managed USB equipment.
The effective date of these changes will be Jan. 24, 2009.
Special Notes:
- Student accessible computers retain their local administrative rights and the ability to utilize personal USB thumb drives in order to provide diverse instructional pedagogies. In essence, classrooms, library computers, and classroom teacher stations are exempted from the admin rights and the USB standards.
- Details for each of the above IT related changes will be posted under the College's Technology Services Security Web page in the near future.
Technology Services: We are here to help.
Technology Services is here to assist you in this transition. If you have questions or just need clarification, please contact Henry Coffman at 868-7117 to schedule a session to discuss these changes and/or provide any information or assistance that we can.
Thank you for your understanding as the College implements these requirements.General
- CERT Advisories
- SANS Top 20 Vulnerabilities
- Security Alert Consensus (Archive)
- US-CERT
- NIST's Vulnerability & Threats Portal
- US Department of Energy CIAC
- MITRE Common Vulnerabilities and Exposures
- Internet Storm Center
Operating Systems
Applications
Security Awareness
- Securing Your Web Browser
- Social Engineering and Phishing Attacks
- Identity Theft—Federal Trade Commission's resource
- Virginia Alliance for Secure Computing and Networking (VA SCAN) addresses Commonwealth's Information Technology Security Standard
- The Duh's of Security
