The information security program at Smith is designed to help the college meet three essential goals:
- Confidentiality is the assurance that only authorized users are allowed access to data or services.
- Integrity is the assurance that information and services provided and received are accurate, valid, and come from a known or authorized source.
- Availability is the assurance that information and services remain available and useful for all who need them.
The documents below describe the policies and procedures Smith has implemented to work toward these goals and provide the college community with both information security and usability. The documents also describe a suite of software tools and applications designed to help individuals and departments assess and manage their information security risks.
Security Program and Policies
Software Tools and Applications
Information Security Risk Assesment Forms
For More Information
Security Programs and Policies
Comprehensive Information Security Program
This umbrella document brings together multiple information and data security processes and policies intended to enhance the overall security of the information that touches all aspects of the college’s workings, and ensure compliance with all applicable laws and regulations.
Employee Information Security Policy
Every employee and volunteer who has access to personal, confidential, and sensitive information has a duty to protect that information from unauthorized access. Managers are obligated to ensure that employees and volunteers are aware of this policy and advised on how to perform their work within the boundaries of this policy.
Web Server Policy
This policy specifies requirements intended to maintain the credibility, integrity, availability and security of Smith's primary web server, as well as the vitality of its content, at the highest level reasonably possible.
This document provides links to all ITS and college policies related to information security.
Reporting a Suspected Security Breach
This document explains the procedure for reporting the possible loss, theft, or compromise of computers, storage devices, or electronic data files that contain personal, confidential, or sensitive information.
Information Security Presentation: Handling Sensitive Data at Smith
This PDF document contains the ITS presentation on policy and legal requirements for managing classified information and mitigating security breach risks at Smith.
Back to top>
Software Tools and Applications
Password-Protecting Your Computer Workstation
Even though your network files are protected by a Novell password, we strongly recommend setting a separate workstation password to protect your workstation from unauthorized access and add an additional level of security for your files.
Secure File Transfer
All Smith file and web servers support only secure file transfer. The documents on this page explain how to install and use Windows and Mac applications that let you transfer files securely between your computer and a Smith server.
TrueCrypt File Encryption
If you ever use your Smith-owned laptop computer off-campus, we strongly recommend installing TrueCrypt encryption software. TrueCrypt allows you to create a special password-protected folder for storing files that contain sensitive information. Files saved in your TrueCrypt folder are automatically encrypted, and no one can access or decrypt them without entering the password you set for the folder.
The Identity Finder software system helps prevent identity theft by locating personal, confidential, and sensitive information in your local and network files and providing a variety of ways to remove or protect that information.
Software Tools & Applications Presentation
This PDF document contains the ITS presentation on the software tools and applications that support the information security initiative at Smith.
Back to top>
Information Security Risk Assessment Forms
Individual Information Security Risk Assessment Checklist (PDF)
This information security risk assessment checklist should be completed by all Smith College data handlers.
Department Information Security Risk Assessment Guidelines
This document describes a recommended process for department heads/data custodians to follow to collect the information security risk assessment data required by ITS by March 31, 2011.
Finding your Computer Identifier
This document explains how owners of Windows and Mac desktop and laptop computers can find the Computer Identifier data required by ITS.