Security :: Securing Confidential Information

Printer-friendly version

The Board of Trustees of the California State University (CSU) system, of which Humboldt State University (HSU) is a part, is responsible for protecting the confidentiality of the personally-identifiable information held by the system. The Board is also responsible for the security of the equipment on which this information is stored and processed, and for the related privacy rights of the CSU students, faculty, and staff with regard to this data.

It is the collective responsibility of the CSU, its executives, managers, faculty, and staff to ensure:

  • the integrity of the data
  • the maintenance and currency of the applications using this data
  • the preservation of the data in case of natural or man-made disasters
  • compliance with Federal and State regulations, including intellectual property and copyright.

Responsibility for implementing an information security program for each campus is delegated by the Board to individual campus presidents. At HSU, the program is managed by an Information Security Officer (ISO) appointed by the President. The HSU security program is built on a set of locally-developed principles known as the "Six Commandments" for information security:

  1. No appliance may connect to the network without appropriate security
  2. There should be no unnecessary duplication of confidential information
  3. No confidential information may be transmitted in unencrypted form.
  4. Any inactive file containing confidential information should be destroyed
  5. Confidential information in non-electronic form must be stored securely
  6. Confidential information that is no longer required must be disposed of securely

Actual implementation of the University's information security "best practices" that will result in compliance with the Six Commandments is defined in a series of Security Memos that every user of HSU's network should read:

Connecting to the Network Securely
Password Security
Personal Information Protection
Using Hardware to Boost Software Security
Secure Destruction of Confidential Information
Incident Response Procedures

University employees who work with HSU information on their own computers, for example, when working at home, have the same duty of protection toward that informatiom as if they were working with it on a campus-owned system.

Additionally, contractors and consultants with access to the University's information have the same duty of protection toward that informatiom as if they were an HSU employee. Those awarding contracts to contractors and/or consultants must ensure that the contractors and/or consultants are aware of their obligations to protect the University's information.

If you have any questions, please contact the campus Information Security Officer at (707) 826-3815 or send email to