Technical

Secure technology lifecycle starts and ends with an IT Professional

Information Technology professionals play key role in assuring the confidentiality, integrity, and availability of information and technology at McMaster. Developers are responsible for integrating security into the development lifecycle; system administrators are responsible for maintaining our systems; and, support personnel are responsible for responding to, and remediating incidents as they occur.

Standards

Standards play a critical role in providing information and technology security at McMaster.

Standards are supplemental documents to the Information Security Policy that clarify how the University will meet its information security objectives. They provide you, as a technical service provider, with technical guidance on to configure and manage the systems for which you are responsible. Implementing systems and services in compliance with the Standards helps the University to maintain business continuity and protects McMaster’s reputation.

The Information Security Policy requires that Technical Service Providers comply with all approved technical Standards. It is your responsibility to review and understand the standards, and to implement them wherever it is technically feasible. Please contact the IT Security team if you have questions or concerns, or if you would like to contribute to the development of Standards.

Privacy

As a Technical Service Provider, you have privileged access to all of the systems for which you are responsible. With this access comes great responsibility. Your clients count on you to secure the service they provide to their customers, and to prevent unauthorized disclosure of private information.

The Information Security Policy requires that all services are configured to prevent unauthorized access to private information, and defines the approval process for requests for access to individual accounts. Technical Service Providers are required to all suspected Privacy incidents to the University Privacy Officer.

Reporting an Incident

How we respond to information security incidents is critically important when dealing with information security. The Information Security Policy requires all members of the McMaster community to report known or suspected IT Security and Privacy Incidents to the appropriate authorities.

Whether you are developer in a large department, or the only IT support person in your faculty, it is up to you to help identify security incidents as they happen, and to report them to the appropriate authorities. Reporting incidents thoroughly and in a timely manner is a positive act that helps keeps our information safe.

Take the time to learn how to identify Information Security and Privacy incidents, and how to report them. Watch for IT Security alerts and notifications sent via email, or posted to the @McMaster_ITSec twitter feed and the McMaster IT Security Facebook page.