The Information Sensitivity Policy is intended to help employees in determining appropriate technical security measures which are available for electronic information deemed sensitive. The information covered in this policy includes electronic information stored on computers, e-mails, information on computer screens, and information shared orally or visually (such as cellular telephone and video conferencing). While this policy gives a general overview of the handling of sensitive information, users must be aware of additional Information Technology Policies that may enforce more specific requirements. Questions about the proper classification of a specific piece of information should be addressed to your manager. Any questions or comments about this policy should be directed to Information Systems.
Offices across campus deal with a wide range of electronic information covering a wide range of topics. It is the responsibility of each employee and department which handles electronic information to be familiar with the types of information being handled, any legal requirements which surround the information, the level of sensitivity which should be attached to the information, and the available technologies for protecting that information.
The Sensitivity Guidelines below provide details on how to protect information at varying sensitivity levels. The sensitivity level to be assigned to electronic information may be assigned by any area which handles the information.
3.1 Minimal Sensitivity
3.2 More Sensitive
3.3 Most Sensitive
Anyone found to have violated this policy may be subject to disciplinary action, up to and including suspension of access to technology resources or termination of employment. A violation of this policy by a temporary worker, contractor or vendor may result in the termination of their contract or assignment with Murray State University.
Approved Electronic File Transmission Methods
Includes supported SFTP clients, SSH sessions, VPN tunnels, and HTTPS.
Approved Electronic Mail
Includes all mail systems supported by the MSU Information Systems Department. If you have a business need to use other mailers, contact the MSU Information Systems Department.
Individual Access Controls
Individual Access Controls are methods of electronically protecting files from being accessed by individuals other than those specifically authorized. On most operating systems this is referred to as file permissions.
Encryption is a procedure used to convert data from its original form to a format that is unreadable and/or unusable to anyone without the tools/information needed to reverse the encryption process.