The purpose of this policy is to establish standards for the creation all passwords and their critical role in protecting ICOM data
The scope of this policy includes users who meet any of the following criteria:
• Users responsible for an account (or any form of access that supports or requires a password) on any system that resides at or is owned by ICOM
• Users with access to ICOM's network
• Users who store any non-public ICOM information.
Passwords are a vital aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password can compromise ICOM's data systems and services. As such, all users (including contractors and vendors with access to ICOM's systems) are responsible for taking the appropriate steps, outlined below, to select and secure their passwords.
Director of IT/Information Security Authority, Faculty, Staff, Students, and all others who access ICOM systems and network.
Change your passwords periodically.
The frequency of password change is generally based on the privilege or access level of the account. Accounts with greater privilege or access should have their passwords changed more frequently.
If your password has been compromised or you suspect it's been compromised, change your password immediately. Change your password by a) visiting console.jumpcloud.com or b) change it in the application you are using, and then contact the helpdesk
Passwords must not be inserted into email messages or other forms of electronic communication.
PASSWORD PROTECTION STANDARDS:
Password protection is a vital part of any security plan, so please observe the following
Do not use the same password for IOCM accounts as for other non-ICOM accounts, such as personal ISP account, benefits, banking, and other accounts.
Do not share ICOM passwords with anyone, including administrative assistants or secretaries.
All passwords are to be treated as sensitive ICOM information.
When IT works on your computer, please arrange to be available to type in your password as needed. If that is not possible, change your password immediately before and after the work is done.
Good practices to follow:
Don't reveal a password over the phone to ANYONE
Don't reveal a password in an email message to ANYONE
Don't reveal a password to a supervisor
Don't write passwords down and save them
Don't talk about a password in front of others
Don't hint at the format of a password (e.g., "my family name")
Don't reveal a password on questionnaires or security forms to ANYONE
Don't share a password with family members
Don't reveal a password to co-workers (e.g., when going on vacation or leave of any kind)
Don't store passwords in a file on ANY computer system (including a smartphone or similar devices) without encryption.
If someone demands a password, refer that person to this document or have that person call a staff member of the information technology department.
Any employee found to have violated this policy may be subject to disciplinary action, up to
and including termination of employment.
Chief Information Officer/Information Security Authority