Document Imaging Standards
North Dakota State University (NDSU) uses digital imaging to preserve and protect required documents that may or may not contain confidential data. The University in the course of its business operations and processes is dedicated to ensuring the privacy and proper handling of this information.
To ensure that digital document imaging systems and the information created is accurate and secure.
NDSU hs adopted a compliance strategy for all divisions and departments who use digital imaging to preserve and protect documents.
Policy and Procedure Overview:
- Digital document imaging systems must be approved and registered according to NDSU Policy, Section 710 by the NDSU Division of IT Vice President and CIO.
- All data stored and maintained on the system is classified and protected according to Nort Dakota University System (NDUS) Policies and Procedues 1901.2, 1904.1, 1912, 1912.1; and NDSU Policies, Sections 158, 710 and 713.
- If the digital imaging system is outsourced to a third party vendor, the vendor must comply with all policies and procedures as listed in above item 2.
Document Imaging Procedure Summary:
To ensure that digital document imaging systems and information created are accurate and secure, the folowing are to be present in an imaging program:
- Procedures employed shall comply with standards established by the NDUS and also defined in procedures for managing digital systems.
- Documentation created will outline and describe system software and hardware specifications and written policies and procedures that document the creation, maintenance, use and preservation of digital images within the system.
- Training schedules implemente will include initial instruction as well as regular, ongoing retraining must be implemented to ensure that employees understand the policies and procedures and any changes that may occur.
- Audit mechanisms to monitor the reliability and authenticity of the digital images must be activated, understood and used.
- Hardware and software shall be monitored for reliability, integrity, and security of the system.
- Departments, divisions, and colleges must periodically review all document imaging policies, procedures, and guidelines, and make necessary updates to meet regulatory changes.
NDSU Internal Auditor
Old Main 16
NDSU Chief IT Security Officer
April 15, 2014
The Internet was stunned to learn of a significant vulnerabilty to security this last weekend. OpenSSL, an application that is used by software and services throughout the Internet for authorization of legitimate websites was found to have a core flaw. Essentially anyone from anywhere could send a specially crafted packet to a service or site using OpenSSL, asking if the server is still accepting communications and the server would return up to 64 Kilobytes of what was in its memory at the time of request. This return could be username and passwords, or documents, or even security certificates. The OpenSSL foundation responded and fixed the core code of OpenSSL, but there are still hundreds of thousands devices, or services that still are running the old version of the software. Please check for updates on your devices, and change any passwords for sites you maybe concerned about. However, only change those passwords after a site has patched their services, and revoked their old security certificate and created a new one.
December 5, 2013
Over 2 Million passwords to popular webpages discovered.
In Mid June, Trustwave Spiderlabs researchers were able to view information in the Pony Botnet controller that indicated that there were over 650,000 website credentials that had been harvested by this particular botnet, which, is fairly widespread. On Tuesday they announced that upon a more detailed look that over 2 million passwords have been harvested by this botnet. Many of these services have now been notified and they are taking corrective action on those accounts that have been compromised.